Q1 2024
This is a quarterly update of the GB cyber insurance market in Q1 2024, providing analysis and insights for buyers and stakeholders, covering market trends, pricing, capacity, coverage, claims, and notable cyber incidents, and highlighting favourable conditions and opportunities for cyber insurance purchasers.
Q1 2024 saw very strong competition from insurers to deploy capacity on both primary and excess layers. Such market conditions have provided existing cyber insurance buyers with a range of options to purchase increased policy limits.
During Q1, established global cyber insurer Brit launched their “Cyber First50” offering, with capacity of up to USD50m, which has been developed to serve large institutional clients.
USD10m remains a more common average amount of capacity offered per insurer, with some insurers now offering limits/capacity more than USD10m.
WTW’s CyXS facility continues to serve new clients during Q1 with some existing clients increasing CyXS limits and/or utilising the automatically available CyXS Restore (reinstatement) function.
The CyXS facility is now able to offer limits of up to USD/GBP75m and can also now offer Cyber Property Damage cover, both of which will offer further risk transfer options to our clients.
WTW is very proud to unveil our International CyCore Facility (ICF) aimed at international clients headquartered outside of GB and US, offering primary capacity of up to USD 20 million (Or CCY equivalent) in primary coverage with a single lead insurer.
Double digit premium reductions were often available during Q1 2024; however, this is not the default position and was influenced by several factors, particularly the existing premium level.
There were exceptions to these trends, such as placements where risk controls were perceived as insufficient, there has been claims activity, or increasingly where the current pricing was inadequate if such a discount in premiums was granted. We are seeing some insurers (including incumbents) walk away from business due to their concerns regarding price adequacy, a trend which we are monitoring closely.
In terms of self-insured retentions, insurers have generally been willing to provide alternative lower options/structures, particularly where this mitigates the level of premium reduction (trading a lower retention for a more modest premium reduction).
Overall, the cyber insurance market during Q1 2024 was a very favourable environment for buyer and thus now is a great time for new cyber insurance buyers to benefit from these conditions.
During Q1 WTW had a new war exclusion approved by the Lloyd’s Market Association (LMA), which has provided a meaningful new option for our clients across the globe already, owing to its straight-forward structure and language.
Coverage for supply chain business interruption risk has remained a key area of focus for our clients during Q1 2024, against a backdrop such supply chain events continuing to surface in the public domain.
By way of an example, the February 2024 cyberattack on the US billing and payment colossus Change Healthcare highlighted such supply chain risk and chokepoints. The ransomware attack on the US’s largest clearinghouse, which handles a third of all patient records, had widespread effects. Fixes and workarounds have alleviated some distress, but providers are still unable to collect billions of dollars in payments. Many smaller hospitals and medical offices are still having trouble getting paid more than a month after Change was first forced to shut down many of its systems. For more insight into this incident please see our Client Alert.
The recently published WTW 2024 Cyber Claims Analysis report notes various insights such as:
About 57,000 Bank of America customers are being warned that their personal information may have been exposed during a November cyberattack on bank service provider Infosys McCamish Systems, impacted customers were only made aware in February 2024 – another supply chain risk.[1]
Microsoft’s security team detected a nation-state attack on their corporate systems on January 12, 2024. Microsoft identified the threat actor as Midnight Blissard, the Russian state-sponsored actor, who accessed some Microsoft corporate email accounts, including members of their senior leadership team and employees in their cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents.[2]
An impact on the clearinghouse resulting in the delay in payments running into billions of dollars and widespread impact to care providers and patients across the United States.[3]