Cyber Turbulence Turns Focus Toward Reinsurance

In the ever-evolving landscape of cyber threats, the insurance landscape continues to be increasingly complex. A recent Gallagher Re report, titled 2024 Cyber Insurance Market Conditions Outlook: Cyber Market Stabilization and Lingering Turbulence, provides an analysis that offers insights for navigating the complexities of the current cyber-insurance market.

Market Dynamics and Trends

One key shift noted in the report is the softening of the cyber-insurance market in 2023, a departure from several years of rising premiums and capacity constriction. This unexpected development is attributed to several factors, including reduced claim activity, disciplined underwriting practices, and improved risk-mitigation techniques adopted by policyholders. Moving into 2024, the trend of stable or slightly decreased rates persists, aided by heightened competition among cyber insurers and increased capacity.

However, despite this stabilization, the report underscores the ongoing growth of cyber risks. Cyber claims and ransomware attacks, after a brief decline in 2022, returned to their anticipated growth curve throughout 2023. The July 2023 IBM-Ponemon Cost of a Data Breach study reveals a record-breaking average cost of $4.35 million for a data breach. Moreover, a study on cyber crimes in the third quarter of 2023 reported that 17 percent of ransomware breaches resulted in a ransom payment, with the median ransom paid being $158,000—highlighting the financial impact of cyber threats.

Global Events and Their Impact on Cyber Insurance

The invasion of Ukraine and the continuing conflict with Russia has brought attention to war exclusions. Ongoing geopolitical conflicts in nations possessing advanced cyber capabilities, where the risk of cyber spillover—whether intentional or not—could substantially impact cyber-insurance claims, have prompted cyber insurers to enhance policy wording.  There is emphasis on expanding exclusions and implementing sublimits for systemic events.  Many cyber insurers have adjusted policy wording due to the frequent occurrence of conflicts without formal declarations of war, according to Gallagher Re. 

Regulatory Changes, Privacy Laws, and Wrongful Data Collection

Another key factor shaping the cyber-insurance landscape is the constant evolution of regulatory changes and privacy laws. Unlawful data collection practices are under increasing scrutiny, resulting in adjustments to insurance policy exclusions. Stakeholders must navigate the intricate web of state, federal, and international privacy laws, with a particular focus on policy exclusions related to website tracking claims and specific privacy laws like the Biometric Information Privacy Act.  Policy language has increasingly addressed the financial aspects of regulatory investigations, settlements, fines, and penalties, according to the report.

Federal Response and the Role of AI

In response to growing cyber concerns, the United States has implemented the National Cybersecurity Strategy, outlining a multifaceted approach to threats. The Gallagher Re report explains the five key points encompass improving cyber defenses for critical infrastructure, disrupting threats, enhancing security standards for technology sold to organizations, funding cyber-security improvements, and building an international coalition to combat cyber crime. Additionally, an executive order issued in autumn 2023 focuses on responsible artificial intelligence (AI) use, improved procurement, accelerated hiring of AI professionals, and the establishment of an international framework for AI governance.

The report emphasizes that the emergence of AI is likely to amplify the already formidable cyber threat. Stakeholders across government, regulators, technology firms, and the insurance industry must collaborate to respond effectively to the rapidly evolving dangers in the cyber environment. Understanding the impact of AI is crucial before any attempts at managing its added risks can be successful.

Role of Reinsurance: Supporting Growth in the Cyber Market

Amid all these concerns, the role of reinsurance emerges as a critical component in the growth of the cyber-insurance market. More than half of the premiums collected by primary insurers now pass to reinsurers. Reinsurers are also exploring the realm of insurance-linked securities to support their current positions and open paths for expanded capacity in the future. The issuance of over $150 million in cyber-catastrophe bonds by two reinsurers exemplifies this trend, with expectations of more such investments in 2024 to meet the growing need for cyber insurance, according to Gallagher Re.

Market Growth and Preparedness

Looking ahead, in another recent report, The Future of Cyber (RE)insurance, Gallagher Re suggests that, at the current pace, the cyber-insurance market is anticipated to double in size every 3 years. This growth underscores the need for preparedness, extending beyond financial readiness. The creation of advanced modeling tools becomes essential to better forecast the frequency and severity of cyber attacks. Additionally, consideration of potential unintended consequences of early AI adoption by business leaders is crucial, as it could impact coverage beyond cyber insurance, reaching into areas such as directors and officers, employment practices, media liability, product liability, and professional errors and omissions policies.

As with any evolving situation, solid preparation and engagement will enable the cyber space to not only manage threats effectively but also provide the products required for continued growth.

 The Gallagher Re white paper was written by John Farley, managing director, Cyber Liability Practice.