Cyber insurance growing, still fraction of industry revenuePosted On: Jul. 25, 2019 1:45 PM CST
Cyber insurance is a high-risk product, but insurers have generally taken a measured approach with the support of reinsurance, says a Moody’s Investors Service Inc. report released Thursday.
Direct cyber premiums written grew to $2 billion in 2018, with a cumulative annual growth rate of 26% since 2015, but they still account for less than 1% of U.S. industrywide premium revenue, according to the report by New York-based Moody’s.
The report says although 40 U.S. insurance groups underwrite cyber insurance as a stand-alone coverage, the market remains concentrated among the largest commercial insurers, with Chubb Ltd. and Axa SA accounting for 16.3% and 12.8% of the market, respectively.
“Growth prospects for cyber insurance are promising given the changing nature of the risk, the pervasiveness of technology, the value of insurance as a risk management tool and expanding regulation, all of which are driving demand for coverage,” said the report.
However, assessing aggregate insured cyber risk is complicated, and litigation will determine whether exclusions found in most traditional property/casualty policies can apply to cyberattacks, and who has the legal basis to sue for damages in cyberattacks that result in stolen personal information, said the report.
Meanwhile, in particular, insurers who write large national and multinational accounts are shifting cyber’s risk to stand-alone polices or implementing coyer sublimes or exclusions in traditional policies, the report said.
“Unique difficulties remain for underwriting cyber insurance,” said the report. “A lack of uniform policy wording and the evolving nature of risk constrain the growth of cyber insurance as a separate product,” it said.
“Potential risk accumulations are another challenge because the same event can affect multiple clients, particularly as companies move to cloud computing.”
Moody’s Corp. and Israeli cyber group Team8 launched a joint venture in June to assess how vulnerable businesses are to cyberattacks and create what they hope will become a global benchmark.