The second Insurance Risk Monitor from leading actuarial consultancy OAC (part of the Broadstone Group) this month focuses on cyber insurance, its outlook and key themes impacting the current market and risk environment.
Global gross premium volume for cyber insurance grew by over 20% annually between 2019 and 20221 and demand is forecast to increase significantly for at least the next decade2. Premium growth forecasts by leading analysts go as high as 25% p.a3.
Demand for cyber insurance is rising across almost all economic sectors and is highest from industries that rely on or handle personalised data, confidential information, electronic transactions and online services. Providers of critical infrastructure are also seeking expertise from insurers to mitigate the risk of or disruption following a cyber-attack.
OAC’s non-life consulting team stated that the rating environment remains competitive however the competition is at healthy levels and current rates are broadly adequate to deliver underwriting profits.
They also said that exclusions for state backed cyber-attacks on standalone cyber policies introduced in August 20224 has resulted in some business leaving Lloyd’s for other markets however they have not seen evidence that this change has significantly dampened overall premium volume increase. They stated that this change has most likely improved rate adequacy, as a significant driver of downside risk was mitigated without a material loss of rate.
Based on our analysis, we believe downside risk for cyber insurers has deteriorated over the last two years, although this deterioration is mainly in the tail and therefore is not necessarily visible in the claims experience. There are several drivers that have increased the likelihood of a major loss event and well as the potential for accumulation given an event occurs.
Some of our key areas of concern are:
• The widespread availability of generative AI has allowed cyber-criminals to significantly improve their capabilities for deception, impersonation, creation of malicious software and evading detection;
• The increasing prevalence of connected devices has led to a steady increase in the complexity for managing cyber security as well as an increase in the average number of entry points that cyber-criminals can target;
• Interconnectedness of systems and supply chains throughout the economy has increased steadily as global economies digitise which increases the risk of contagion and the potential for consequential losses;
• Heightened geo-political tensions are likely to result in more cyber-attacks. Although nation state backed cyber-attacks are widely excluded, state sponsorship is not straight forward to determine, especially where the cyber-criminals are successful at evading detection. Many analysts report that cyber-crime is increasingly seen by certain states as an alternative source of income in the face of economic sanctions;
• Quantum computing is a longer-term risk but potentially very severe as it is predicted to be able to defeat the most advanced banking encryption systems. A severe attack that defeats banking encryption systems can potentially destabilise the financial system of entire countries or even the global financial system as a whole.
Bharat Raj, Head of London Markets at OAC, said: “Cyber insurance remains an attractive market for incumbents and new capital and there is good opportunity for growth and underwriting profit.
“Engagement with your policyholders, coverholders and cedants is key to ensuring strong underwriting performance. Policyholders and cedants increasingly look to their insurance partners for expertise and advice for mitigating cyber risk in the first place. Working collaboratively generally pays dividends as it can help drive improvements in the claims experience and premium rates as policyholders appreciate the value-added services on offer.
“Actuaries and risk managers have a significant role to play given the current, rapidly shifting environment. The historical experience is likely to need adjustment to reflect changes in the general risk environment, coverage terms and the mix of sectors covered as this class evolves.
“Actuaries and risk managers are uniquely placed to help insurers understand the downside risk and drivers of loss accumulation across the cyber portfolio. Various vendor models have emerged for cyber insurance but these are still at a nascent stage and have not yet reached the same maturity as natural catastrophe models.
“Scenario analyses and actuarial deep dives are probably the best tools currently available for really getting to understand the tail risk.”
|