Cyber insurers raise rates amid costly hacks
Insurers have dramatically increased cyber cover premiums in 2021 as a series of high-profile attacks and government actions helped drive demand for the products, according to data gathered by industry bodies. .
Direct written premiums collected by the largest U.S. insurance companies in 2021 rose 92% year-over-year, according to information submitted to the National Association of Insurance Commissioners, an industry watchdog, and compiled by rating companies.
Analysts say the increase mainly reflects higher rates, rather than insurers dramatically increasing the amount of money they are willing to cover.
“The amount of rates generated in this market is quite astonishing, just in terms of percentages,” said Tim Zawacki, senior research analyst at S&P Global. Inc.
market intelligence activity.
Price increases have helped the U.S. cyberinsurance industry reduce its direct loss ratio, or the percentage of its revenue it pays out to claimants, to 65.4% in 2021 from a record high of 72.5% in 2020. However, this figure is still far higher than the 2019 direct loss ratio of 47.1%.
The sometimes drastic rate increases reflect a realignment of a relatively new and rapidly maturing market, executives say, indicating that the insurance industry is tackling cyber risk pricing.
“Cyber risk insurance premiums are being adjusted after many years of weaker market conditions despite an evolution in cyber underwriting,” said Jack Kudale, chief executive of insurer Cowbell Cyber Inc. based in Pleasanton, CA.
Part of the reset includes tougher criteria for those applying for coverage, an approach the White House has applauded as it makes a broader effort to bolster private sector security. Many carriers now require potential customers to demonstrate that they practice at least basic cyber hygiene, including measures such as multi-factor authentication.
“Now, if you can’t demonstrate some basic controls, the vast majority of the market is going to say no,” said Adam Lantrip, senior vice president and practice leader of business and cyber solutions at insurance brokerage CAC. Specialties.
Market turmoil kicked into high gear after the Colonial Pipeline Co. hack in May 2021, insurance experts say. The incident highlighted a wave of costly ransomware attacks that disrupted businesses and sparked a wave of new cyber regulations from Washington.
In addition to the price spike last year, Lantrip said, many carriers have reduced what their policies cover. This translated into companies needing more policies — and filing more paperwork — to maintain the same dollar amount of coverage.
Mr. Lantrip’s company now expects four to six months for its customers to clear all the hurdles necessary to renew their plans.
“It almost gets to a point where deals never get to bed,” Lantrip said.
As the insurance industry has adjusted to the risk of criminal hacking groups in recent months, some carriers have also moved to clarify act of war exclusions for conflicts such as the invasion of Ukraine by Russia. The Lloyd’s Market Association, a trade group, in November proposed new wording to exclude cyber threats from P&C policies.
The precise wording of these exclusions – and how they are interpreted in court – could prove costly for insurers or companies, as more and more armed conflicts spill over into the digital realm.
While the war in Ukraine has included a series of mostly low-impact cyberattacks by Kremlin-linked hackers, security experts warn that operations by non-state actors on both sides of the conflict could widen the legal gray area around what is and is not covered by Insurance.
“You don’t always know what a war is these days,” said Jon Bateman, senior researcher in the Technology and International Affairs program at the Carnegie Endowment for International Peace. “There are different appetites within the insurance community as to how much exposure to state-sponsored cyber risk they are willing to take on.”
Copyright ©2022 Dow Jones & Company, Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8