Cyber Insurance Market Grows with Continued Pricing Uncertainty

Man holding virtual blue safe with lock icon and dial and the words CYBER INSURANCE in glass above a desk in an office

May 22, 2018 |

Man holding virtual blue safe with lock icon and dial and the words CYBER INSURANCE in glass above a desk in an office

The US market for cyber insurance grew significantly in 2017, as direct premiums written rose nearly 32 percent year over year to $1.8 billion and policies in force jumped 24 percent to $2.6 million, according to A.M. Best. However, despite the growth, the cyber insurance take-up rate remains low, particularly among small- to medium-sized enterprises.

According to A.M. Best, the cyber insurance market represents a meaningful growth opportunity for insurers, given that the take-up rate for small- to medium-sized companies remains in the low teens. These companies generally remain complacent about their exposure to cyber-related events, such as data breaches and system failures, and underestimate the potential for business interruption. On the other hand, national accounts and Fortune 500 companies, particularly companies at greater risk such as financial institutions and healthcare companies, are increasing cyber coverage.

In 2017, cyber packaged policies in force increased 28 percent for the US property/casualty industry (excluding nonUS and alien surplus lines insurers that do not have to file), following a year when standalone cyber insurance policies grew significantly. A.M. Best believes the rise in packaged policies is partly due to the addition of affirmative cyber coverage (i.e., when perils are explicitly included or excluded) to commercial policies, as well as insurers reclassifying policies for financial reporting purposes. Standalone policies in this population declined 32 percent in 2017, as businesses likely migrated to less expensive packaged policies.

A lack of historical experience and tested cyber exposure models continue to add to the uncertainty of underwriting cyber insurance, according to A.M. Best. Pricing sophistication varies significantly by insurer, with some using simplistic pricing based on expected losses, while others have much more sophisticated algorithms. Although a systemic event remains the top threat for cyber insurers, underpricing from new market entrants also should remain a concern.

"At this point, underwriting and pricing are driven more by market forces than by loss experience and models," said Bobby Skrabal, an A.M. Best industry analyst. "As insurers develop more experience, they'll improve their pricing models, but due to the constantly changing nature of cyber threats, pricing will most likely continue to rely on the judgment of underwriters."

A.M. Best also found the following.

  • The total number of cyber claims increased in 2017 to 9,017 from 5,955 in 2016, with packaged policies constituting 56.3 percent of the claims and standalone policies making up the remaining 43.7 percent.

  • Chubb INA Group was the top cyber insurer in 2017, rising past American International Group and XL Catlin America Group, with $284.4 million in cyber direct premiums written, the majority of which were for packaged policies.

  • For a third-straight year, The Hartford Insurance Group held the most cyber policies in force at year-end, with more than half a million.

Although the premium and policy increases in 2017 are material, A.M. Best believes they do very little to close the protection gap. However, with the increasing automation and awareness of this risk, demand for cyber insurance will continue to grow. Cyber insurance capacity is ample, and is likely to increase over the next few years, as the line's current reported profitability should attract new market entrants.

"Cyber events are difficult to see, predict, or detect—companies may not even be aware that an event has taken place—and once one has occurred, it is difficult to ascertain how far and wide they will spread," said Fred Eslami, an associate director at A.M. Best. "They are becoming increasingly more frequent and more severe, and as insurers expand their cyber offerings, they will need to be prudent in exercising appropriate risk management and mitigation measures to ensure that these exposures remain aligned with the company's stated goals and objectives."

Copyright © 2018 A.M. Best Company, Inc. and/or its affiliates ALL RIGHTS RESERVED

May 22, 2018