GB Cyber Insurance Market Update H1 2023

Executive Summary

This update is a general overview of the key developments in the GB cyber insurance market; we will analyse the current conditions for WTW clients both international and UK based companies using the London insurance market to transfer risk.

During H1 2023 the GB cyber insurance market continued its transition into a buyer’s market with increased levels of competition between insurers.

In particular:

• Improved buying conditions throughout H1 with increasing momentum up to 1 July renewal period. Most segments of the cyber market benefited from improved rates, pricing and number of options available;
• Cyber market insurers offering larger amounts of capacity more frequently, with more insurers seeking to offer capacity on a primary basis than we have witnessed in the last 24 months, due to increased commerciality;
• Clients more frequently achieved material pricing reductions, with reductions of 10-30% becoming more commonplace;
• Policy retentions/excesses were generally stable but insurers showed greater willingness to offer lower retention options;
• Policy coverage, particularly war and infrastructure exclusions in particular are at the forefront of cyber reinsurers discussions, but direct insurers are increasingly showing flexibility regarding such exclusions due to the competitive market conditions
• Provision of clear underwriting information, especially context around cyber risk controls, remain key as insurers show increased willingness to consider improvements planned but not yet in place in order to offer capacity and/or improved pricing;
• Cyber claims notification frequency increased in the first half of 2023, with third party data breaches and ransomware being the main culprits

All of these key developments will be covered within this update.

Cyber insurance market capacity

H1 2023 has seen very strong competition from insurers to deploy capacity on both primary and excess layers, with a notable increase in the number of insurers competing for primary positions, with one of the most recent new primary offerings including premium and excess reductions (of up to 30%) for clients who share cloud environment insights with underwriters, where at least 50% of the client’s technology infrastructure is public cloud-based.

Market conditions have provided existing cyber insurance buyers with options to purchase increased policy limits and where renewal savings have been generated, clients are increasingly using these savings to purchase additional capacity and/or WTW’s Restore (reinstatement) function via our CyXS excess facility.

USD10m remains a common average amount of capacity offered per insurer, with some insurers now offering limits/capacity in excess of USD10m.

WTW new excess layer facility “CyXS”, offering up to USD/GBP/EUR 50m of excess capacity, has already been utilised by some of our clients in Q1 2023 as part of achieving the aforementioned optimum results, with a number also purchasing the CyXS restore function, which provides the option to purchase a reinstatement of limit at pre-set pricing, giving further options for clients to consider as programmes are being restructured with increasing regularity.

Premiums and Self-insured retentions

Pricing in H1 2023 has been more stable than H2 2022, removing exceptionally high and/or low pricing, relative to the placement in question and pricing reductions were achieved with increasing regularity.

Reductions of around 10-30% were often available during H1 2023, however this is not the default position and was influenced by a number of factors, such as the existing premium level, and total limit purchased as these can impact the level of opportunity for restructuring placements.

There were exceptions to the trends outlined above, but these were generally confined to placements where risk controls were perceived as insufficient, there had been claims activity, or where the current pricing was considered too low/inadequate.

In terms of self-insured retentions, these were more stable than they have been in the last 12-24 months and insurers have generally been willing to provide alternative lower options/structures, particularly where they are competing to secure new business.

Buyers who see pricing as a key consideration will need to navigate the market with a well thought out strategy (hand-in-hand with their broker) to ensure the best results are achieved, including factoring-in any other key priorities, such as cover enhancements, self-insured retention structures, local policies and the like, as these may well impact the overall strategy.

Policy Coverage

The hot topic during H1 2023 has been the war exclusion, particularly since Lloyd’s of London (“Lloyd’s”) market bulletin of 16 August 2022 came into effect on 31st March 2023^[1], and more recent stipulation from Lloyd’s that its markets must attest regarding the war exclusions they are writing business on.

WTW’s Global Head of Cyber Coverage Andrew Hill has authored the report ‘War exclusions in cyber policies; the important details’, that addresses the controversy, misconceptions, ‘traditional’ war exclusions vs Lloyd’s model war clauses and more.

The proliferation of approaches adopted by different insurers to war exclusions has brought into sharper focus the value of a clear and accurate broking advisory service. In many cases, any analysis which sets out to demonstrate one war exclusion is ‘better’ than another exclusion risks overlooking the finer nuances of such a comparison.

WTW firmly believes that its approach of breaking down complexity puts the client at the centre of the decision-making process and gives client’s confidence that the solution being purchased delivers value.

Given the lack of consensus amongst insurers regarding war exclusions they will or will not support, it is important to factor such considerations into your renewal/purchasing strategy with your broker at the start of the process.

Claims and Notifications

We have observed that cloud exploitation grew by 95% during 2022 according to CrowdStrike’s global threat report, with threat actors utilising sophisticated techniques to move laterally, evade defences and collect data according the Crowdstrike.^[2]

Given the highly changeable claims trends throughout 2021, 2022 and into 2023, it feels prudent to expect the unexpected. Existing cyber insurance buyers continue to take advantage of a more favourable market in order to purchase additional limits and therefore, many businesses who do not purchase coverage will seek to do so during H2 2023.

• Cyber risk governance
• Incident response and preparedness
• Cyber insurance

Key Findings:

The key findings of the survey revealed that Cyber Attacks, Data Loss, and Cyber Extortion were ranked as the top three cyber risks facing Directors and Officers for the second year in a row. This highlights the need for businesses to have a comprehensive cyber risk management plan in place.

1. The report highlights the improved focus on Cyber Risk Governance, increased senior level engagement and regular reporting on the oversight and management of cyber risk issues;
2. Organisations recognise the need for investment in cyber and data security on ongoing basis to keep pace with the dynamic risk environment. These investments should continue to encompass people, process and technology;
3. Organisations increasingly recognise the importance of Cyber Incident Preparedness and Testing. A comprehensive and tested response plan is critical for minimizing the impact of a cyber-attack.
4. Finally, the report highlights that Cyber Insurance remains a key part of the organisations cyber risk management plan both now and in the future. Cyber insurance can help businesses mitigate the financial impact of a cyber-attack and provide access to resources and expertise to help prevent and respond to cyber incidents.

Footnotes

1. Lloyd’s Bulletin Return to article undo
2. Crowdstrike Return to article undo