BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Ransomware losses disrupt cyber liability market

cyber liability

COLORADO SPRINGS, Colorado – A rise in the number and size of ransomware losses since the end of 2019 is changing some insurers’ appetite for cyber liability insurance business and continues to lead to sharp rate hikes for coverage.

Insurers are restricting capacity and expect rate rises to continue in 2022 despite rates increasing sometimes by multiples over the past two years, brokerage and insurer executives say.

They were speaking during meetings at the Insurance Leadership Forum, sponsored by the Council of Insurance Brokers & Agents, which was held in Colorado Springs, Colorado, earlier this month.

Ransomware attacks began to climb in 2019 and prices for cyber liability will likely continue to rise in 2022 to reflect the increase in attacks, said Rotem Iram, CEO of At-Bay Inc., a San Francisco-based managing general agent that specializes in cyber liability coverage.

On average, rates have doubled since the surge in attacks began, and rising reinsurance costs will drive further rate hikes, he said.

Cyber liability rates have increased between 40% and 75% this year, said Robert Gadaleta, head of distribution for Hiscox USA in Atlanta, a unit of Hiscox Ltd.

In addition to increasing rates, insurers are restricting capacity.

Liberty Mutual reduced the size of its cyber liability book in recent years but still writes the business through its London market operations and specialty operations, said Tracy Ryan, Boston-based president, global risk solutions North America, at Liberty Mutual Insurance Co.

“We scaled back a couple of years ago, and we are still very prudent in making sure that we have our arms around the risk,” she said.

“Cyber is an area that we invested in because the risk is not going away,” said Kristof Terryn, CEO North America at Zurich Insurance Group Ltd. in Schaumburg, Illinois. “But the problem with cyber is that it’s such a rapidly evolving risk.”

Zurich provides limited cyber capacity and generally offers it to policyholders it has a wider relationship with, he said.

Since the beginning of 2021, Hiscox has elected to only write cyber liability for companies with less than $100 million in revenue and has stopped writing excess cyber liability business, Mr. Gadaleta said.

The limit on revenue helps reduce the insurer’s exposure and by writing primary only it avoids offering discounted excess rates for coverage layers that still see frequent losses, Mr. Gadaleta said.

“We don’t know where the burn layer ends with cyber yet,” he said.

At-Bay, which is reinsured by Munich Reinsurance Co. and its affiliate Hartford Steam Boiler Inspection and Insurance Co., can offer up to $10 million in cyber liability capacity but generally offers up to $5 million, Mr. Iram said. It imposes a sublimit on ransomware losses, usually $500,000, he said.

The company expects to report $160 million in premium in 2021 and $350 million in 2022, he said. In addition, At-Bay will deploy some of its own capital to support its underwriting next year and will expand the number of reinsurers it deals with, Mr. Iram said.

“We want to continue that rate of growth, and we need to show that we are taking part of the risk,” he said.

The overall capacity for cyber liability risks has been reduced but how much capacity insurers will be able to deploy next year will depend on the Jan. 1, 2022, reinsurance renewals, said John Eltham, head of commercial strategy and distribution at London-based brokerage Miller Insurance Services LLP.

“Towers can be hard to put together, but until 1/1 it’s hard to know,” Mr. Eltham said. Several insurers have imposed sublimits for ransomware and introduced other restrictions, such as requiring specific security measures as a condition for coverage, he said.

Miller is looking to expand its cyber business through the recent recruitment of Debbie Hobbs, who was previously the London-based cyber and technology practice leader for EmergIn Risk, a unit of Ryan Specialty Group Inc.





Read Next