A reliable source of profit for carriers in its early years, quiet concerns started to circulate in the standalone cyber market in the first half of last year about how much longer the class would continue to deliver a return to underwriters.
This year, those concerns have grown louder and more urgent.
The surge in both frequency and severity of ransomware claims has forced the significant revision of loss picks – with many sources now telling this publication that as early as the 2018 underwriting year is now break-even or unprofitable (and the picture has not improved since then).
The sharp turnaround of fortunes in cyber has also pricked up the ears of the Performance Management Department at Lloyd’s, with the Corporation understood to be monitoring the situation closely.
Rates are indeed increasing – some carriers are said to be forecasting risk-adjusted increases in the mid-teens for 2021 – but there is a crucial question around whether this is enough to keep up with loss-cost trends, and it is not clear that this is the case. Many in the market feel the answer to that question is no.
Market exits have already occurred – most notably Argo and MS Amlin in Lloyd’s – but this, combined with the select trimming of line sizes, has not generated enough capacity withdrawal to force significant pricing change.
The conversation among market participants has now turned to the structure of the product and how it needs to change to get a handle on exposures.
There is growing recognition among carriers that there needs to be wholesale change in the market in how it thinks about cyber. But who will drive this change? At this point there are two contenders:
1. The market leaders
Some hold the theory that those that helped forge the cyber market are the ones who can really enforce change.
And in this regard, three names frequently come into conversation: AIG, Chubb and Beazley.
The trio still lead the majority of business – at least in the London market – and in the past have been fundamental in shaping the product, including the introduction of coverage-broadening wordings and the push for larger line sizes and limits.
With that in mind, recent comments from Beazley CEO Andrew Horton – whose firm will write just shy of $500mn in cyber GWP by the end of the year and leads virtually all of its business – are a strong indication that the mood is changing among the market leaders.
The CEO said on his firm’s Q3 analyst call that Beazley had lifted increased its 2019 and 2020 opening loss ratios for cyber to maintain “prudence”, and adjusted its reserves accordingly.
On ransomware specifically, Horton said the market should “think about what limit it's giving for ransomware claims because as limits go up, the ransomware claims are going up with it.”
He also said carriers should focus on clients that have the best security in terms of avoiding ransomware or responding to it.
The executive suggested strongly that those carriers committed to the cyber market needed to evolve with it – implying that Beazley would also be altering its approach in the coming months.
“Claims have changed dramatically since the first cyber policies were written in 2008, '09, '10 until now, and capacity that has not put as much thought as it should into what the risks are tends to come in and go out,” Horton explained.
“We're definitely in the process of people being hit by ransomware claims and withdrawing capacity. I feel we [Beazley] are one of the most thoughtful cyber underwriters, having been there at the beginning. Our aim is to evolve with the marketplace.”
Executives at AIG and Chubb did not reference changing cyber claims trends on their earnings calls, though anecdotally London-based market participants have suggested that the two carriers are subtly changing their approach to the risk to manage exposures.
The key question among cyber market observers is whether the three carriers will together evolve their thinking around cyber enough to trigger wider change in the market.
2. The reinsurers
The cyber market is heavily reliant on reinsurance – some suggest that as much as 40% of the circa $5bn direct market is transferred to reinsurers – and as a result the approach of cyber reinsurance writers in the run-up to the key 1 January renewal will be influential in driving underlying market dynamics.
In what seemed to buck wider (albeit off-record) market commentary, Munich Re CFO Christoph Jurecka said in his firm’s Q3 analyst call that the carrier had not experienced the deterioration in cyber loss ratios with respect to ransomware, on the primary side or on the reinsurance side.
“On the reinsurance side, there might be potentially a delay. So maybe there is something we don't see yet. But even if there was something, I think the profitability of our book overall would be fully intact,” he told analysts in commentary which other market participants privately described as “curious” and “baffling”.
Renewals discussions are underway and early indications from the market suggest that a more cautious approach from reinsurers is prevalent, with a handful of mid-sized markets now refusing to accept any new business.
Sources speaking to this publication have suggested that reinsurers are asking more probing questions of their cedants at this renewal – challenging their loss picks and decisions around attachment points and line sizes.
Quota share structures are still the preferred reinsurance structure in cyber. Cedant concerns around aggregation risk have triggered a shift in more recent times to excess of loss (XoL) structures, with total limit of aggregate XoL cyber reinsurance placed increasing from $1.5bn to $2.0bn from 2019 to 2020, excluding retrocession, according to Swiss Re.
Brokers so far are not concerned about capacity levels, which they believe to be robust, but changes in rate and ceding commissions are anticipated come 1 January – the only question being the extent of those movements.
The head of reinsurance at Swiss Re’s cyber centre, Anthony Cordonnier, warned in a recent blog that despite a hardening of rates in the underlying cyber insurance market, factors such as increasing ransomware attacks suggest that quota share ceding commissions and non-proportional rates would need to be adjusted in the upcoming 1 January renewal.
Current market dynamics mean quota share reinsurers are typically enjoying thinner margins than their clients, which also means that they will suffer more from deteriorating loss trends, he warned.
The extent to which reinsurers are feeling – and are concerned about – this pain will be key in the direction the cyber insurance market takes next, with scope for secondary market tightening to drive primary players to make changes.
Whether it is the reinsurers or the market leaders which lead the charge in bringing the cyber market to the next stage in its maturity, arguably it is already overdue.
Insurance Insider delivers global wholesale, specialty, and (re)insurance intelligence that enables you to act first. Redeem your complimentary 14-day trial for more premium content from Insurance Insider.
Scan here to download the app