While some insurers are seeing an increasing number of businesses purchasing cyber insurance, that doesn’t mean the cyber marketplace is without its challenges. In fact, according to one expert, this market is “under the most stress it’s been in recent memory” thanks largely to severe ransomware losses.
“They’re hitting small business, middle-market and large accounts, and they (ransomware attacks) are a source of considerable attritional loss,” said Michael Palotay, chief underwriting officer for Tokio Marine HCC’s Cyber & Professional Lines Group. “This has resulted in a significant deterioration or elimination of underwriting profit for many markets.”
With current cyber insurance rates, this situation is “frankly unsustainable,” added Palotay. “When we’re getting a few thousand dollars for a small business account and then paying a million-dollar ransom, the product is just not priced correctly for that kind of scenario. We think this is going to establish a pretty firm floor for cyber rates, which have been going down steadily – some may say relentlessly – for the past four or five years.”
Though some industry classes are more popular targets for ransomware, there’s no such thing as a low-risk industry when it comes to cyber today. Historically, manufacturing and industrial companies didn’t store much private information and, in turn, were considered low risk because they didn’t have much privacy risk. Now, relatively small manufacturers can see large ransom losses, as can companies in other industries – just look at the spate of cyberattacks on global shipping firms.
“This is a significant paradigm shift, so Tokio Marine HCC and many of the other carriers are adjusting their models accordingly,” said Palotay.
Of particular note is the “increasing divergence between established players, who have considerably more claims data, and new entrants to the market who are using, what I think are unproven, streamlined underwriting methods to grow quickly,” warned Palotay. While the established markets are pushing rate and tightening underwriting requirements, he believes many start-ups do not seem to be adjusting for new claim trends.
Small to medium-sized businesses are in every carrier’s sights because many have not yet purchased cyber coverage.
“The percentage of small businesses that buy cyber insurance is still less than 20%, yet we have seen a significant increase in losses in our small business book,” said Palotay. “There is a compelling reason to buy cyber insurance – there always was, and now there’s more awareness of the risks; many small companies have either had a claim or know another company that has.”
It’s also a great time to sell cyber because businesses are very interested in learning how to defend themselves against ransomware attacks and privacy breaches. Having a cyber insurance policy in place for when a cyberattack inevitably happens is only one part of the equation.
One of the additional advantages of a cyber insurance policy is the claims expertise of an experienced carrier. “A small company that gets hit with ransomware can’t afford a protracted adjustment period when they are losing money every day. They need expertise and a quick response,” asserted Palotay.
With substantial changes in loss trends, it pays to recommend cyber insurance carriers that have been in this space for a long time and boast significant financial strength.
“I would worry about relatively new entrants into the market,” said Palotay. “When there’s an explosion of claims and losses are creeping up, you don’t want to be relying on a relative newcomer that doesn’t have a lot of claims experience to fall back on, or who may be out of business in the next couple years.”