WTW has released the latest cyber insurance market update, providing an overview of key developments in the cyber insurance market and analysing the conditions for domestic and international companies using the London insurance market to transfer risk.
The report noted significant changes in the cyber insurance market during Q2 2022, with market segments becoming more distinct and nuanced than ever experienced previously.
Trading conditions generally improved during the period, especially for core enterprise-scale (revenue of £1 billion or more) clients. While clients still needed to show a good level of risk control to secure capacity, WTW observed that insurers had become more flexible where clients were able to explain their risk acceptance rationale, or where the risk involved matched their underwriting strategies. Still, insurers now have areas of focus they will require clients to demonstrate strong control measures in. Detailed underwriting information and context remain key.
New insurance capacity also entered the market during Q2 2022, with WTW predicting more to follow in Q3. Insurtech companies have established themselves in the US cyber market and will likely compete in the middle-market space. WTW also noted that a leading global cyber insurer has just launched an environmental, social, and governance (ESG) based syndicate.
Policy coverage remained under “very careful review”, with insurers reviewing war and terrorism-exclusionary language in their policies. Insurers were also cautious of clients at risk from the Ukraine conflict – telecommunication organisations, financial institutions, and national infrastructure – though the level of concern appeared to recede during the quarter.
Premium increases were variable during the period. Insurers focused on sustainable pricing rather than a default of further increases, and clients are now considering increasing the level of self-insured retention as they plan their cyber insurance-purchasing strategies.
The report also identified ransomware as a significant risk, likely to result in financial losses beyond a ransomware demand, though trends suggest that fewer ransomware demands are being paid.