Insurance buyers are facing rising cyber risk and insurance challenges, but are there green shoots of a market softening more generally?

Airmic 2021: The cyber market is still perceived as “hard” by the majority (91.7%) of respondents in Airmic’s latest Pulse Survey on insurance market conditions.

While the remainder were neutral, in the sense that supply of capacity is still at least matched by demand, and prices are seen as robust and in some cases still rising (50% thought the market was deteriorating).

The survey focussed on cyber risk insurance from a buyer’s perspective against the backdrop of rising in online security threats in 2020 and 2021, putting ever greater onus on cyber risk and financial risk transfer.

However, there are green shoots of improvement emerging in market conditions, with a number of members report an easing back of premium rate increases and cover limitations.

Although challenges remain for large commercial buyers seeking programme capacity, the outlook into 2022 looks – albeit cautiously – somewhat more positive.

Respondents were split in their view on the market next year (38% expecting a deterioration; 29% expecting an improvement; and 33% expecting it to remain consistent).

While the majority of respondents (69%) reported that their organisation had at least one insurance captive in operation.

However, few respondents said their organisations were contemplating setting up captive if they did not already have one (just 17%).

Julia Graham, Airmic’s chief executive, said: “Will spring bring continued growth in the green shoots we are seeing? We not only see premium and cover green shoots, but a genuine effort from the market in building or rebuilding relationship bridges with our members. This overall scenario gives us some optimism for a better 2022.”

Fit for purpose?

Organisations adjusted at short notice to remote working during the pandemic, accelerating the longer term trend towards digital transformation - but new ways of working have created more cyber risk touch points and new risks, resulting in opportunities for cyber criminals to exploit.

The proliferation of ransomware attacks in particular has transformed the risk of data breach, through accessing sensitive Information then held to ransom.

For commercial insurance buyers, there is a perception that the cyber insurance market is still developing, for example roughly half (53%) of the respondents bought cyber insurance, and 47% did not. 

Respondents are broadly happy with claims, which are being paid efficiently (the claims experience was rated “very satisfactory” by 74%, although only 13% said they had made a claim in the past 12 months).

However, does the market have the data it needs to underwrite this cover effectively? Insurance buyers fear the cyber insurance market lacks adequate data, skills and knowledge to adequately to underwrite cyber cover effectively. 

Data breach and security advisers were ranked the first organisations to consult after a breach – ahead of insurers or brokers. 

Added to which, the insurance market is still struggling to understand its silent cyber exposure for example, cyber risk that is neither expressly covered nor excluded in covers.

There is lack of confidence about how the insurance market will respond if – or more likely when – a systemic cyber ever should occur.

Graham said: “This said, the market needs to energise its efforts to keep up with the opportunities available through technology and be conscious of more sophisticated use of analysis of data, and new risk financing models and mechanisms creeping up on out-of-date solutions with some internally-focussed practices.

”Our members work with organisations which are harnessing technology, and the market needs to avoid falling behind them.”

Findings 

• Of those members who buy cyber insurance and have had a claim, all claims relate to a ransomware attack and all claims have been met.

• Employee education and email defences are the most likely cyber risk controls.

• Data breach advisors and security advisors are by a significant margin the most likely first points of contact following a cyber incident.

• Premium rates for cyber are rising and increases of +400% have been seen for the first time in these surveys.

• Cyber risks are the most likely new risks to be financed by captives.

• The market is still perceived as “harsh”, but there are green shoots of improvement emerging in market conditions.

Previous Insurance Market Pulse Surveys from Airmic have focused on renewals and claims (January 2021) and the directors’ and officers’ liability market (September 2020).