What AM Best Says
Ransomware incidents help to fuel growth of cyber coverage.
- Best’s Review Staff
- September 2020
PANEL PARTICIPANTS: Upper row from left: Fred Eslami, AM Best; Sridhar Manyem, AM Best; Kara Owens, Markel. Lower row from left: John Weber, AM Best, and Catherine Mulligan, Aon.
Cyberrisk takes a variety of forms, but ransomware is taking center stage as the current leading exposure, panelists said in a recent AM Best presentation, The Current State of the Cyber Insurance Market. Losses from all cyberrisks, particularly ransomware, are rising in both frequency and severity, panelists said. Ransomware is evolving, with some cyber criminals expanding to auction off purloined data acquired through cyberattacks tied to ransomware.
Direct premiums written for U.S. cyber coverage reached $2.3 billion for 2019, up 11.9% from 2018. Stand-alone policies account for 55% and packaged policies account for 45% of that total, according to AM Best data. Chubb INA Group is the largest writer, followed by XL Reinsurance American Group (Axa XL), American International Group, Travelers Group and Beazley USA Insurance group. Hartford Insurance Group accounts for the most policies in force.
Fred Eslami, associate director, AM Best, said many cyber incidents have targeted municipalities, hospitals and health care facilities.
Insurers believe COVID-19-related closures, including working from home, could change the risk profile for cyberattacks but data is not available yet. “The sudden shift to working from home environments has shown exposure that's potentially out there, the vulnerabilities to systems and people,” said Catherine Mulligan, global head of cyber reinsurance solutions, Aon.
Reinsurers have shown an appetite for cyber coverage and are working to address issues of “silent cyber,” a situation in which insurers may be required to pay claims for cyber losses under policies that were not written for that purpose, Mulligan said. Reinsurance becomes an important tool as insurers transition their coverages to more cyber-specific language, a process that could take up to 24 months.
Kara Owens, managing director, global cyber underwriting, Markel Corp., said several nation/states have been implicated in hacking and cyberattacks, with research into possible cures or vaccines for COVID-19 becoming a recent target.
Sridhar Manyem, director, AM Best, compared cyber viruses to the coronavirus, noting cyber viruses could move even faster and affect a greater geographic area in a shorter time.
Cyber incidents could also trigger a range of coverages, such as business interruption, trade credit, directors &officers liability and allied lines, he said.
Technologists and modelers continue to focus on cyber, building tools and models for applicants and underwriters. Technology has allowed insurers to simplify application processes and gather underwriting data less intrusively, Owens said. “Before, there were very lengthy cyber applications with an overwhelming number of questions.”
Aggregation risk—the possibility that insurers could be overwhelmed by a far-reaching incident or series of incidents—remains a concern for insurers and reinsurers. Manyem said AM Best has conducted its own exercises to measure possible aggregation risk, as has Lloyd's and risk modelers.
Regulators worldwide have increased penalties for cyber-related failings. Changes include the European Union's General Data Protection Regulation, along with increased regulatory standards in Canada, Brazil, New Zealand, Singapore, China, India and elsewhere, Owens said. In the United States, New York and California have been active in setting standards for electronic privacy and data protection.
As cyber coverage continues to grow, one likely scenario is investors will show interest in collateralized reinsurance coverages, Mulligan said. “There's a feeling that ILS (insurance-linked securities) is a natural home for something like cyber.”