This update is a general overview of the key developments in the GB cyber insurance market; we will analyse the current conditions for both international and UK based companies using the London insurance market to transfer risk.
During the second half of 2022 the GB cyber insurance market saw continued improvements with increased stability and a greater frequency of competition among insurer.
In particular:
All of these key developments will be covered within this update:
New insurer capacity entered the market in the second half of 2022 contributing to Improved buying conditions for our clients.
There was increased competition from insurers to deploy capacity on both primary and excess layers, with a notable increase in the number of insurers available. This provided the option for existing cyber insurance buyers to purchase increased policy limits, a trend which was especially prevalent where the buyers placement was materially affected by a reduction in capacity during the hard market conditions experienced in 2021.
Whilst companies must still show a high level of risk controls in key areas, insurers are demonstrating more flexibility where clients can provide the necessary context to explain any perceived lack of necessary controls. Insurers are adopting a ‘can do’ approach more often and are less demanding of the controls a client must have.
Further new capacity is likely to enter the cyber market in 2023 with a number of insurers identifying cyber as a key area of growth given the demand for cyber insurance capacity from both existing and new buyers.
We anticipate that insurers will offer bigger limits of capacity, with USD10m remaining a common average and with some insurers returning to pre-‘hard market’ levels offering limits/capacity in excess of USD10m. Cyber buyers must utilise this increased flexibility and competition in order achieve the best placement results.
WTW has sought to take advantage of the capacity evolution by launching a new excess layer facility “CyXS”, offering up to USD/GBP/EUR 50m of excess capacity that can help clients achieve capacity, efficiency and coverage consistency. This solution seeks to meet the demands of both cyber insurance buyers and insurers by more closely aligning these parties and delivering additional benefits such as the CyXS Restore function, which provides the option to purchase a reinstatement of limit.
Whilst insurers continued to focus on rate adequacy (i.e. the premium commensurate with the level of risk) and sustainable pricing, generally companies renewing their programmes in H2 obtained increasingly positive outcomes, particularly in Q4 where the level of market competition for business was the strongest we have observed since 2019 and H1 2020.
In Q4 single digit increases or flat renewals were much more common, with pricing reductions being achieved with increasing regularity, particularly where a client had witnessed a sharp pricing increase during the 2021 hard market.
The positive changes in market conditions are largely due to insurers having improved the profile of their portfolios during 2021 and 2022, resulting in an improved claims position. These changes have facilitated growth and increased market competition.
There were some exceptions to the pricing trends outlined above, but these were generally confined to placements where a company’s risk controls were perceived as insufficient, there had been claims activity, or where the current pricing was still perceived as too low/inadequate.
In terms of self-insured retentions, these have also stabilised. Those adopted by an increasing percentage of clients renewing in H2 have been seen by insurers as adequate and, in some cases, insurers have been willing to provide alternative retention options/structures, particularly where they are competing to secure new business.
We expect pricing in 2023 to become increasingly less volatile, removing exceptionally high and/or low pricing, relative to the placement in question. This trend has already commenced in H2 2022 and we expect it will continue throughout 2023.
With this in mind, we expect some clients will be able to achieve material pricing reductions (10-20% or more), however this will not be the default position and will be influenced by a number of factors, including the amount of capacity purchased, as this will create differing levels of opportunity for restructuring placements.
Buyers who see pricing as a key consideration will need to navigate the market with a well thought out strategy (hand-in-hand with their broker) to ensure the best results are achieved, including factoring-in the amount of capacity they wish to purchase, as this may well impact the overall strategy.
We expect in general that self-insured retention levels will continue to stabilise, and that an increasing number of buyers may have attractive options (most likely from a competing non-incumbent market) to select a lower retention level.
Insurers remain focused on systemic risk issues with different approaches to address this now being adopted. These strategic directions are still relatively new, with the most recent change from Beazley only taking effect from 1st January 2023.
How these changes will impact market dynamics is not yet known, particularly clients’ reaction to the cover revisions proposed and also the reaction of the rest of the cyber market in formulating their own strategies to manage systemic risk exposures.
Lloyd’s of London (“Lloyd’s”) issued a market bulletin on 16 August 2022, which outlined its minimum requirements with respect to nation state cyber-attack exclusions1. Lloyds syndicates are required to comply with these requirements for business incepting on or beyond 31st March 2023, however this directive has already impacted H2 2022 business, given insurers market-wide focus on systemic risk. Our recent client alert explores the impact of that bulletin on standalone cyber policies, where the devil is very much in the detail.
Ransomware coverage restrictions in the guise of coinsurance and/or sub-limits continue to be less prevalent for business placed in H2 2022, and there continues to be increased flexibility regarding the need to retain (or introduce) such restrictions, where sufficient compensating controls are in place.
We expect insurers potentially differing approaches to managing systemic risk will have a direct linkage to clients desire to retain (or add) the insurer(s) in question to their cyber insurance placement, and such differing approaches may well lead to attrition (insurers being replaced by another competitor) in this respect.
Our Q3 GB Cyber Insurance Market Update2 details how the strategies concerning systemic risk already differ between two global cyber insurers, and how these will likely be more or less attractive to cyber insurance clients, therefore we will continue to monitor War exclusions, Terrorism exclusions and other exclusions and clauses that pertain to systemic cyber risk issues very carefully.
We expect that ransomware coverage restrictions will be applied on a less frequent basis due to the general increasing cyber control maturity demonstrated by clients, and the greater understanding demonstrated by clients regarding the efficacy/rationale for alternative approaches and relevant context.
We have observed the following trends in H2 2022:
One market-leading global cyber insurer (CFC) note that while 2022 v 2021 ransomware claim frequency is down 24%, the average ransomware demands continue to climb, citing threat actors increasingly targeting middle market segment, allowing for higher demands under the threat of data exfiltration. CFC further comment that ransomware events continue to account for 70% of their cyber claims costs incurred4.
AGCS’ report Cyber: The changing threat landscape details the increasing severity in part due to the tactics of double or triple extortion “The cost of ransomware attacks has increased as criminals have targeted larger companies, critical infrastructure and supply chains,” explains Rishi Baviskar, Global Cyber Experts Leader, Risk Consulting, AGCS. “Costs have also risen as criminals have honed their tactics and found ways to extort more money from their victims. Double or triple extortion, which can dramatically increase the cost of an attack, is now the norm.”5
As bad actors seek bigger rewards, should claim frequency (particularly ransomware events) continue at the recently observed lower levels of frequency, we expect the trend of successful events causing increasingly higher levels of financial impact to continue.
Insurers will continue to monitor closely any potential systemic events and should such an event or events occur this could materially impact insurers strategies concerning capacity deployment, coverage and pricing.
Given the highly changeable claims trends throughout 2021 and 2022, it feels prudent to expect the unexpected, which WTW expects will result in existing cyber insurance buyers taking advantage of a more favourable market to purchase additional limits and equally many businesses who do not purchase coverage, seeking to do so during 2023.
4 CFC Underwriting data
WTW offers insurance-related services through its appropriately licensed and authorised companies in each country in which WTW operates. For further authorisation and regulatory details about our WTW legal entities, operating in your country, please refer to our WTW website. It is a regulatory requirement for us to consider our local licensing requirements. The information given in this publication is believed to be accurate at the date of publication shown at the top of this document. This information may have subsequently changed or have been superseded and should not be relied upon to be accurate or suitable after this date.
Title | File Type | File Size |
---|---|---|
GB Cyber - Cyber Insurance Update - H2 2022 | 5.2 MB |