The GB cyber insurance market has continued to follow the trends that first emerged in 2021. In addition, the challenges presented by the Russia/Ukraine conflict have brought policy coverage into greater focus.
In particular:
This update is a general overview of these key developments, analysing the current conditions in the GB Cyber insurance market for both international and domestic companies. The analysis is based on our own observations of the market and uses WTW proprietary data unless otherwise stated.
Several insurers continued to reduce their capacity and/or tighten their underwriting requirements to manage their exposure and avoid the risk of aggregation of losses from one widespread incident. As such, securing capacity within the first USD/GBP/EUR50m of capacity continued to be challenging, albeit competition for such attachments continues to increase.
Insurers were increasingly willing to only offer capacity for risks fitting squarely within their appetite in terms of the quality of cyber security controls, with the perceived adequacy of the same being key to the appetite of insurers.
Some insurers are exercising additional caution before offering new business capacity to accounts that could be considered at increased risk from the Russia/Ukraine conflict, such as telecommunications, financial institutions and critical national infrastructure.
Premium increases also followed on excess layers with percentages exceeding those for the primary layer. This reduced the premium discount on those excess layers compared to the primary.
Insurers remain focused on self-insured retentions being set at a level they deem adequate for the scale of the account in question. This has resulted in many accounts renewing in Q1 2022 experiencing a self-insured retention increase in-line with accounts in H2 2021 (i.e. often in excess of 100%).
Insurers remain very focused on systemic risk. Many are considering how they will manage this. One major global insurer has already implemented a sub-limit approach for systemic loss events. Further developments in this space are expected during 2022.
The conflict in Ukraine has led to an acceleration by insurers in reviewing their approach to war exclusionary language, which has a very close link to systemic risk. During Q1, insurers’ approach to the war exclusion fell into the following categories:
Insurers continue to utilise ransomware coinsurance and/or sub-limits where they are not satisfied that a client’s security meets the insurer(s) own minimum standards, with some not willing to consider offering cyber coverage if their standards are not met. Insurers’ views on minimum controls have increasingly varied levels of flexibility, giving clients the opportunity to advocate for their approach with the support of their broker
The ransomware pandemic (as coined by AGCS)1. is still with us at this juncture, with 44% of respondents to their Risk Barometer 2022 citing cyber incidents as their biggest concern2.
However, in slightly more positive news Coveware in their recently released Q4 20213. ransomware update, called out the cyber insurance renewal process is one of the four positive developments aggregating pressure on the rise of ransomware attacks, resulting in the attacks being more costly to execute.
Coveware also commented that:
The continuing trend of data exfiltration is a key consideration with a ransomware event then impacting both a client’s business operations (incident response, recovery, first party business interruption & ransom payment) but also its liabilities to the data subjects and any relevant regulators.
Insurers are increasingly requiring clients to make written cyber submissions in addition to presentation meetings. They also require clients to have minimum cyber security controls in place before offering renewal or new capacity. In Q1 2022 two major cyber insurers have already updated their ransomware questionnaires to include a significant number of additional questions, which the insurers in question state the aim of its to reduce the number of follow up questions clients regularly receive in response to their initial written & oral renewal/new business submissions.
1 https://www.agcs.allianz.com/news-and-insights/news/cyber-risk-trends-2021-press.html
2 https://www.agcs.allianz.com/news-and-insights/news/cyber-risk-trends-2021-press.html
3 https://www.coveware.com/blog/2022/2/2/law-enforcement-pressure-forces-ransomware-groupsto-refine-tactics-in-q4-2021
Willis Towers Watson offers insurance-related services through its appropriately licensed and authorized companies in each country in which Willis Towers Watson operates. For further authorization and regulatory details about our Willis Towers Watson legal entities, operating in your country, please refer to our Willis Towers Watson website. It is a regulatory requirement for us to consider our local licensing requirements.