...and showing no signs of abating.
AM Best last week issued an unusually strongly worded report on the cyber market.
The ratings agency said that insurers “urgently need to reassess all aspects of their cyber risk”, that the market’s prospects were “grim” and the trend in defence and cost containment expenses is “disturbing”.
These are not the kinds of words that crop up in your run-of-the-mill ratings agency report.
AM Best’s warnings would not be exactly surprising to anyone who had a passing awareness of how the number of ransomware attacks has skyrocketed in recent years. But it was surprising for the alarm bells to be rung about the cyber market’s prospects so loudly.
AM Best pointed to the US cyber market’s loss ratio, which “rose dramatically” in 2020 to 67.8 percent, up from 44.8 percent the year before.
Insurers have reacted to the rising losses in recent years. Some have pulled back, such as Argo exiting writing large cyber risks in 2019 and then pulling out of SME business last year, MS Amlin stopping writing cyber insurance last year, and Axis in January revealing plans to curtail its appetite for primary cyber business in 2021.
This is despite rapidly hardening rates for cyber.
Willis Towers Watson in an April Marketplace Realities update forecast cyber rate increases of 25-50 percent. And this for a line that was bucking the general trend for rate increases as recently as 2019, a time when reductions were still the norm as insurers produced profitable loss ratios and chased the market’s rapidly growing premium.
Cyber direct written premiums are still growing impressively – up 22 percent to $2.7bn in 2020, according to AM Best – but now it is not just growing demand driving this, but the higher rates as well.
The problem for the market is that claims are growing at a faster rate. AM Best noted that premiums have grown an average of 20 percent annually in the past four years, far outpacing commercial lines as a whole. But the average growth in claims in that time has been 39.2 percent.
“Rapid growth is viewed with a healthy skepticism, as it comes with underwriting and reserving risks,” the ratings agency said.
AM Best noted that “2020 was the year of ransomware” but that “the trend has worsened thus far in 2021”, with recent high-profile events including SolarWinds, Microsoft Exchange, Colonial Pipeline, and many more.
The ratings agency’s report followed Fitch Ratings also recently warning about the cyber market in a report.
“The cyber market faced a reckoning in 2020, as loss experience deteriorated, particularly from an influx of ransomware incidents,” said Fitch managing director James Auden.
“While cyber premium rates are rising sharply, concerns remain that underwriters can successfully price this business longer term.”
The worst still to come?
The real reckoning for the market is probably yet to come, however.
Worryingly for the market, AM Best’s warnings mostly concerned what is currently happening in the market. But it also warned that the cyber insurance industry has yet to face a systemic event.
The industry is clearly well aware of this risk. For example, Arch Re group chairman and CEO Maamoun Rajeh told this publication in February that cyber could be a “widow maker for this industry”.
While the industry is well aware that it will get hit with a huge systemic cyber event at some point, it is less clear how prepared insurers are for this.
TransRe CEO Ken Brandt in April commented that the increasingly digitally connected world coupled with policy forms that are not consistent mean “the industry would have a real big mess on its hands if we had a systemic event in the near future”.
This view was echoed by a Government Accountability Office report on cyber insurance released last month that noted differing definitions for policy terms, such as “cyberterrorism”, “can lead to a lack of clarity on what is covered”.
All of this means it is clear that jacking up pricing further alone is probably not enough for the cyber market.
To their credit, insurers have made great strides in the past few years on focusing more on risk mitigation for their insureds.
But it is far from certain how this line of business will look in the future.
For continued access to market leading content click here to enquire about a subscription to The Insurer.
Scan here to download the app