Cyber Insurance Premiums Increase in 2019, Though Premium Growth Slows

A man in a suit drawing a digital graph on glass with the line increasing

July 23, 2020 |

A man in a suit drawing a digital graph on glass with the line increasing

Direct written premiums paid to US cyber insurers grew 11 percent year-over-year in 2019 to $2.25 billion, according to A.M. Best. Still, the rate of cyber insurance premium growth slowed for the fourth straight year.

In a new market segment report, Cyber Insurance: Profitability Less Certain as New Risks Emerge, A.M. Best notes that cyber insurance premium growth has slowed dramatically since 2016–2017 when direct premiums written grew more than 30 percent annually as the cyber risk landscape expanded and awareness of the risks increased.

The rating agency noted that protracted litigation has demonstrated the potential for cyber attacks to have a longer tail than expected. In addition, the frequency and severity of ransomware attacks have escalated, as have data breaches in the health care industry.

According to the report, standalone cyber policy premiums were up 14 percent in 2019, far more than the 7 percent increase in packaged cyber policies. A.M. Best said that distinction highlights organizations' escalating concerns about cyber risk and their strategic choice to purchase policies solely to protect against cyber risks.

Total cyber insurance claims have doubled since 2017 to approximately 18,000 in 2019, A.M. Best said, which could create pricing issues for insurers if rates can't keep up with the increasing frequency. In addition, standalone direct paid loss and defense and cost containment rose for the third straight year in 2019 to 32.5 percent from 23.1 percent in 2018.

The report suggests that A.M. Best's cyber insurance market figures are likely understated given lack of standardization in cyber policies and reporting, as well as the considerable usage of captive insurance companies and surplus lines insurers to write cyber coverage.

A.M. Best noted that insurers are making greater efforts to provide clarity and explicitly exclude cyber coverage in noncyber policies in an effort to reduce or eliminate so-called "silent cyber" exposures. Insurance buyers also are becoming more sophisticated, A.M. Best said, and are seeking separate cyber insurance coverage, as they don't want other risks such as directors and officers or property to eat into their aggregate coverage.

July 23, 2020