GB Cyber Insurance Market Update

Executive summary

This update is a general overview of the key developments in the GB cyber insurance market; we will analyse the current conditions for WTW clients both international and UK based companies using the London insurance market to transfer risk.

During Q1 2023 the GB cyber insurance market saw further improvements for clients with additional levels of insurer competition.

In particular:

• Improved buying conditions throughout Q1, most segments of the cyber market benefited from improved rates and pricing, including those previously most affected by the hard market conditions in parts of 2021 and 2022;
• Cyber market insurers offering larger amounts of capacity more frequently and offering capacity for companies that were out of appetite in the past 12-24 months due to increased underwriting flexibility
• Clients often achieved material pricing reductions unless pricing was already very competitive
• Policy retentions/excesses were generally stable but insurers showed increased willingness to offer alternative retention options
• Policy coverage, particularly in respect of systemic risk (war and infrastructure exclusions in particular) remains under very close scrutiny but insurers are increasingly showing more flexibility regarding such exclusions
• Provision of detailed underwriting information, especially context around cyber risk controls, remains essential as insurers show increased willingness to understanding the risk controls in place in order to offer capacity and/or improved pricing
• Claims trends suggest a severity of claims continues to increase, with ransomware threat actors stepping-up attacks against large enterprises

All of these key developments will be covered within this update.

Cyber insurance market capacity

Q1 2023 has seen strong competition from insurers to deploy capacity on both primary and excess layers, with a notable increase in the number of insurers competing for primary positions. This provided options for existing cyber insurance buyers to purchase increased policy limits, a trend which we have observed with increasing frequency, with clients increasingly using savings achieved (in renewing their existing total limits) to purchase additional capacity.

Further new capacity has already entered the cyber market in 2023, with a number of insurers identifying continued demand for cyber insurance capacity from both existing and new buyers.

USD10m remains a common average amount of capacity offered per insurer; however, some insurers are now offering limits/capacity in excess of USD10m. During Q1 2023 cyber insurance buyers used this increased flexibility and competition to achieve optimum results, with some securing reductions of over 25%.

WTW’s new excess layer facility “CyXS”, offering up to USD/GBP/EUR 50m of excess capacity, has been used by a number of clients in Q1 2023 with a number also purchasing the CyXS restore function, which provides the option to purchase a reinstatement of limit at pre-set pricing, giving further options for clients to consider.

Premiums and self-insured retentions

Pricing in Q1 2023 has been more stable than recent quarters, removing exceptionally high and/or low pricing, relative to the placement in question. Pricing reductions were achieved with increasing regularity.

Common reductions of around 10-25% were often available in Q1 2023, however this is not the default position and is influenced by a number of factors, including the amount of capacity purchased, as this generates differing levels of opportunity for restructuring placements.

There were some exceptions to the pricing trends outlined above, but these were confined to placements where a company’s risk controls were perceived as insufficient, there had been claims activity, or where the current pricing was still perceived as too low/inadequate.

In terms of self-insured retentions, these have continued to stabilise. In an increasing number of cases, insurers have been willing to provide alternative lower options/structures, particularly where they are competing to secure new business.

Buyers who see pricing as a key consideration will need to navigate the market with a well thought out strategy (hand-in-hand with their broker) to ensure the best results are achieved, including factoring-in the amount of capacity they wish to purchase, as this may well impact the overall strategy.

Policy coverage

Lloyd’s of London (“Lloyd’s”) issued a market bulletin on 16 August 2022,^[1] which outlined its minimum requirements with respect to nation state cyber-attack exclusions. Lloyds Market Association issued a further bulletin on 20th January 2023, detailing model clauses with ‘A’ and ‘B’ versions to cater for differing approaches concerning the attribution of an incident to a state.^[2]

Lloyds syndicates were required to comply with Lloyds minimum requirements for business incepting on or beyond 31st March 2023, therefore the interpretation of the 16 August 2022 bulletin (by competing Lloyds syndicates) and client’s response(s) to these approaches (war exclusions offered) will become clearer for business being placed during Q2 2023 and beyond.

We expect insurers potentially differing approaches to these exclusions will directly influence the client’s decision to retain (or add) the insurer(s) in question to their cyber insurance placement, and such differing approaches may well lead to insurers being replaced by another competitor.

WTW’s focus in this area is first and foremost to listen to clients regarding such exclusions and to ensure they are given expert advice in order to allow them to make informed decisions. We expect to see an ongoing evolution of the exclusions that insurers are willing to offer throughout 2023, especially where insurers believe they are at a competitive disadvantage compared to peers.

Claims and notifications

We have observed the following trends in our 2023 Claims Analysis Report:

• Third parties (often suppliers who store data on clientsor employees) are responsible for 43% of data breach losses – making vendor risk management critically important
• In respect of first party costs, on average 50% of such relate to operational/trading cost losses, dwarfing the 16% of such costs apportioned to a ransom payment, suggesting that focusing solely on trends regarding ransom demands appears to be the tip of the iceberg in respect of overall financial business impact
• Ransomware threat actors are moving back up-marketi n search of lost profits (Coveware ransomware blog)^[3], with Coveware stating that they observed a material increase in attacks on large enterprises that achieved levels of impact that they had not observed since before the Colonial Pipeline attack in May 2021

In further suggestion of a shift in the ransomware landscape, Coveware note that in In Q1 of 2023, 45% of attacks had an initial demand over $1 million, an all-time high.

Given the highly changeable claims trends throughout 2021, 2022 and into 2023, it feels prudent to expect the unexpected, suggesting to us that existing cyber insurance buyers should continue to maximise the opportunities of a more favourable market to purchase additional limits whilst none-buyers should review the options available to put cyber insurance in place.

Sources

1. Lloyd’s market bulletin Return to article undo
2. Lloyd’s Market Association Bulletin Return to article undo
3. Coveware ransomeware blog Return to article undo

Disclaimer

WTW offers insurance-related services through its appropriately licensed and authorised companies in each country in which WTW operates. For further authorisation and regulatory details about our WTW legal entities, operating in your country, please refer to our WTW website. It is a regulatory requirement for us to consider our local licensing requirements. The information given in this publication is believed to be accurate at the date of publication shown at the top of this document. This information may have subsequently changed or have been superseded and should not be relied upon to be accurate or suitable after this date.