Ransomware Becomes Most Sought-After Cyber-Insurance Coverage

Blueprint style abstract with the word ransomware centered above a broken white key with graphic drawings in background

October 25, 2021

Blueprint style abstract with the word ransomware centered above a broken white key with graphic drawings in background

While coverage for cyber extortion or ransomware has surpassed cyber-related business interruption as the most sought-after cyber-insurance coverage, cyber-insurance underwriters are being cautious about covering cyber extortion, a new survey found.

The global cyber survey from PartnerRe and Advisen found that 86 percent of survey respondents ranked cyber extortion/ransom in the top three cyber coverages buyers were interested in purchasing. Cyber extortion/ransom rose 26 percentage points to take the top spot in this year's survey.

Last year's top-ranked risk, cyber-related business interruption, ranked second, with 67 percent of respondents ranking it in their top three. Prior to this year's survey, it had held the top spot for 3 straight years.

The remaining top 10 cyber-insurance coverages buyers are interested in purchasing, in order, in this year's survey were funds transfer/social engineering, data breach—first-party expenses, data restoration, cyber-related dependent business interruption, system failure coverage, regulatory fines/penalties, reputational harm, Internet media liability, cyber-related bodily injury and/or physical damage, and other.

This was the eighth year that PartnerRe and Advisen conducted their global cyber-market survey. This year's survey drew responses from 264 cyber-insurance brokers and agents and 112 cyber-insurance underwriters.

"As many in the market will have observed from own experience and headlines, the frequency of extortion/ransom losses has increased. Result, the cyber market has hardened," Christopher McEvoy, head of global cyber risk at PartnerRe, said in the survey report. "With headline events reported as being far and away the main driver of cyber sales, it's no surprise that higher limits are being sought and extortion/ransom has overtaken cyber-related business interruption as the most requested coverage."

According to Mr. McEvoy, the survey also showed that cyber insurers' underwriting has become more disciplined, including an increased focus on analyzing and modeling systemic exposures and most underwriters looking at extortion/ransom solutions that require coinsurance of the buyer.

Indeed, the survey found that 23 percent of underwriters prefer to exclude coverage for cyber extortion, and nearly half require coinsurance of the buyer in order to provide the coverage. And 95 percent of underwriters surveyed said they analyze the systemic exposures in their cyber portfolios; 76 percent reported they actively manage their cyber-risk aggregation.

In addition, the report found that underwriters are expecting insurance buyers to do more to demonstrate improvements in their cyber security in order to obtain coverage, Mr. McEvoy said.

"Looking forward, coverage evolution, particularly the refining of extortion coverage, will be important for the product to remain viable, especially in the United States and Europe," Mr. McEvoy said.

The survey found that sectors bringing the most new-to-market buyers to the stand-alone cyber-insurance market include, in order, manufacturing/industrials, professional services, information technology, health care, financial services/insurance, government and nonprofit, energy/utilities, education, retail/point of sale, and other.

As high-profile cyber attacks dominate the headlines, news of cyber-related losses experienced by others remained the top driver of cyber-insurance sales in this year's survey, a position it had held for the past 3 years, though increasing its lead by 14 percentage points this year.

Other top factors motivating buyers to purchase cyber insurance included, in order, experiencing a cyber-related loss, requirements by third parties such as customers, increased education, board or senior management demand, regulatory changes, risk mitigation services, breadth of coverage, cost, good salespeople, and other.

More than half of survey respondents, 53 percent, reported frequent demand from buyers for higher limits for all requested coverages. According to the survey, buyers most frequently seek higher limits for cyber extortion/ransom, cyber-related business interruption, funds transfer fraud/social engineering, data breach—first-party expenses, and cyber-related dependent business interruption.

Respondents also reported buyer interest in cyber-related property damage or bodily injury coverage decreasing, with 47 percent of those surveyed this year reporting they rarely/never receive a request for the coverage, up from 36 percent who reported rarely/never receiving a request for cyber-related property damage or bodily injury coverage last year.

The survey showed respondents split in their opinions on whether cyber-related property damage belongs in the cyber-insurance policy or the property policy. Among underwriter respondents, 68 percent indicated they prefer the risk be covered in the property policy, while 55 percent of brokers responding preferred the risk be covered as part of cyber insurance.

The survey also showed the importance of reinsurance as a risk management tool in the cyber-insurance market, with more than half of respondents who place reinsurance reporting an increase in requests for reinsurance.

On the flip side, the survey showed the areas of cyber-insurance coverage for which buyers were most likely to consider reduced limits or exclusions in return for premium savings included Internet media liability, cyber-related bodily injury and/or physical damage, reputational harm, cyber-related dependent business interruption, and system failure coverage.

In terms of obstacles to buyers purchasing cyber insurance, 65 percent of survey respondents cited buyers not understanding exposures, while 59 percent cited cost, and 50 percent cited not understanding coverage.

Other top obstacles to selling cyber insurance mentioned by respondents to the PartnerRe/Advisen survey included, in order, the application process, capacity constraints in the market, different policy forms/coverages in the market, the lack of value-added products and services, and the scope of coverage.

The survey did find that respondents believe clarity continues to increase in cyber-insurance policies, with 70 percent reporting that coverage overlap between cyber insurance and other policies has stayed the same or decreased. While 25 percent of those participating in this year's PartnerRe/Advisen global cyber survey indicated they believe overlap between cyber and other policies has increased, that's significantly down from 51 percent in 2018, according to the survey report.

October 25, 2021