Attacks create grim cyber insurance market: A.M. Best

Prospects for the cyber insurance market are grim, and insurers urgently need to reassess all aspects of their cyber risks, says A.M. Best Co., in a report issued Wednesday.

The report says to remain a viable long-term partner dealing with cyber risk, insurers must reassess aspects including their appetite, risk controls, modeling, stress testing and pricing.

The report says the cyber insurance market’s prospects are grim because of the rapid growth in exposure without adequate risk control; the growing sophistication of cybercriminals, who have exploited malware and cyber vulnerabilities faster than companies that may have been late in protecting themselves; and the far-reaching implications of cyber risks’ cascading effects, and the lack of geographic or commercial boundaries.

While the overall industry is well-capitalized, “individual insurers who venture into cyber risk without a thorough understanding of the market can find themselves in a vulnerable situation,” the report says.

Direct written premium for cyber insurance grew 22% in 2020, to $2.7 billion, which reflects increases in both rates and demand, the report says.

Stand-alone policies account for about 60% of premium, although package policies account for about 95% of policies in force, according to the report. 

Larger entities tend to purchase stand-alone coverage, while smaller and medium-sized enterprises may be satisfied with cyber coverage as part of a package, the report says.

Stand-alone policies’ higher growth rate “also indicates organizations’ escalating concerns about cyber risk and their strategic choice to purchase policies solely for cyber risk protection,” the report says.

Package policies, which provide coverage through commercial policy endorsements, “still appear to be the preferred way to market to (small and medium enterprises), which do not have the staffing to analyze cyber risk themselves and prefer to bundle their policies,” according to the report.

There was an average annual growth rate of 20% in premium, which far outpaces commercial lines overall, the report says. The average growth in claims has been 39.2%, which was driven primarily by stand-alone, first-party claims due mainly to the frequency of ransomware attacks, the report said.

The U.S. Government Accountability Office said in a report last month that cyber insurance’s continued availability and affordability “remains uncertain.”