Cyber insurance profitability less certain as new risks emerge – A.M. Best

Cyber insurance profitability less certain as new risks emerge – A.M. Best | Insurance Business

Cyber insurance profitability less certain as new risks emerge – A.M. Best

Direct premiums written in the US cyber insurance market grew by 11% annually in 2019 to $2.25 billion – but the rate of growth slowed from the previous year, marking the fourth straight year of slowdowns, according to a new A.M. Best report.

In the new Best’s Market Segment Report, “Cyber Insurance: Profitability Less Certain as New Risks Emerge”, the ratings agency found that growth has slowed significantly from 2016-2017, when direct written premiums grew by more than 30% year over year.

In the years since, the cyber threat landscape has expanded and awareness of cybersecurity issues has increased, AM Best said.

“Protracted litigation has demonstrated that cyberattacks have a longer tail than expected, underscoring the importance of managing so-called silent cyber,” A.M. Best said. “Additionally, the frequency and severity of ransomware attacks have escalated, as have data breached and kidnaps in the health care industry.”

Highlights from the report include:

  • Standalone cyber policy premiums rose by 14% in 2019, outpacing the 7% growth in packaged cyber policies
  • The total number of claims has doubled since 2017 to about 18,000 last year, which could create a pricing issue if rates can’t keep up with rising claims frequency. Standalone direct paid loss and defense and cost containment rose for a third consecutive year, from 23.1% in 2018 to 32.5% in 2019
  • Chubb INA Group was the top cyber insurer again in 2019, ahead of XL Reinsurance America Group (AXA XL) and American International Group. Chubb INA Group posted $356.9 million in cyber direct premiums, nearly all of which were for packaged policies
  • Hartford Insurance Group held the most cyber policies in force at the end of 2019 with 542,700

The report emphasized that A.M. Best’s market figures were likely understated “given the lack of standardization in cyber policies and reporting, as well as a considerable usage of captive and surplus lines insurers to write cyber coverage.”