Sharply Rising Premiums Should Boost Cyber Insurers' Performance

The cyber-insurance market continues to expand as premiums rise sharply and insurers remain committed to the market, despite their loss experience due to rising claims, according to Fitch Ratings.

Cyber insurers' performance will likely rebound, Fitch said, given the price increases along with tighter underwriting standards. Still, the cyber-insurance segment's loss experience will likely remain more volatile than that of other property-casualty lines.

"Cyber risk is a growing critical concern for organizations and public entities globally, as utilization and dependence on information technology and digital devices expand," a Fitch statement said. "Threats from network intrusions, malware, and phishing activity continue unabated. Recent growth in ransomware incidents provide a need for new protection and defensive tactics."

Property-casualty insurance companies are a valuable resource for businesses looking to address cyber risk, Fitch said. In addition to the indemnification they provide against liability and other losses, the insurers provide policyholder risk assessment and mitigation services, along with loss remediation and recovery assistance following cyber events.

Fitch said annual cyber insurance premiums are estimated at $8 billion to $10 billion. Industry experts expect that annual premium to reach $22.5 billion by 2025, the rating agency said, as demand for coverage expands as the recognition of threats grows. The United States is the largest cyber-insurance market, Fitch said, with $5 billion in statutory direct written premiums and 74 percent annual premium growth in 2021.

"Measuring cumulative loss risk for a cyber portfolio is challenging, as risk may be concentrated in a small group of vendors or software, and is not restricted by geography," Fitch said. "Larger losses led insurers to revise underwriting policy guidelines, raise policy retentions, and review policy limits and language to help manage and mitigate systemic exposures.”

Core infrastructure vulnerable to cyber attacks are a potential source of large losses, Fitch said, adding to the demand for protection and risk mitigation.