Direct premiums written for both standalone and packaged cyber policies grew about 12 percent in 2018 from $1.8 billion to $2.0 billion, A.M. Best said in a market report. That was a bit of a slowdown from a growth rate of 30 percent for the previous two years.
The $2.0 billion in DPW is more than double what was written in 2015.
In 2018, 528 U.S. insurers reported writing cyber insurance, up from 471 in 2017.
The report notes that in addition to being driven by increased awareness and demand, the growth is also being influenced by insurers excluding cyber protection from traditional business coverages and offering it separately, according to the report. Of the $2.0 billion in premium in 2018, about $1.1 billion was package policies. In 2017, $813 million of the $1.8 billion total was packaged.
Small and medium-sized enterprises (SMEs) are more likely to buy packaged policies than large firms. A.M. Best found that many insurers are adding cyber endorsements to their package policies and business owner's policies and packaging cyber with technology errors and omissions policies. This is "pressuring other insurers to follow suit, to stay competitive and to meet the demands of policyholders," the report says.
The report, "Cyber Insurers Are Profitable Today, but Wary of Tomorrow's Risks," notes that total claims grew 39% last year compared to 2017, which the report says reflects a changing market with more SMEs buying coverage. In 2018, there were more than 12 million first-party claims for costs associated with breach notifications, credit monitoring for customers and business interruption.
Overall, the line remains profitable, with 2018 direct paid loss and defense and cost containment expenses ratios below 25 for both standalone and packaged cyber.
A.M. Best said it believes cyber loss ratios are low because carriers are pricing with higher loads given the uncertainty surrounding this risk but that could change once more data is gathered. It said it expects that the "current profitability of cyber insurance will attract more competition, which will ultimately pressure profitability."
The top 10 cyber writers held 69.5% of the market in 2018. The report identifies the top five cyber insurers by DPW to be:
- Chubb $325.8 million (16% market share; 98% packaged)
- AXA US $255.9 million (12.6% market share; 100% standalone)
- AIG $232.6 million (11.4% market share; 99.9% standalone)
- Travelers $146.2 million (7.2% market share; 77.2% standalone)
- Beazley $110.9 million (5.5% market share; 90.9% standalone)
The top writers in terms of policies in force as identified by A.M. Best are:
- Hartford 510,000
- Liberty Mutual 202,100
- Farmers 184,300
- Cincinnati 179,300
- Berkshire Hathaway 146,900
As well as things are going, there are challenges, with the uncertainty around pricing being just one. Underwriting business interruption/continual business interruption remains difficult. New risks are arising from emerging technologies, the Internet of Things and the use of big data, the report continues.
Also, the threat that insurers are most worried about remains a systemic event that could cause extensive losses and jeopardize a cyber insurer's solvency.
However, A.M. Best believes that most insurers are not overly-exposed.
"Most companies writing cyber insurance are remaining prudent about their total exposure, and cyber exposure relative to policyholder surplus is limited," the report says.
There is also concern over whether some cyber attacks should be considered acts of war and thus potentially covered under the federal terrorism reinsurance law. This issue is now in the courts, triggered by the 2017 NotPetya attack in a case involving Zurich Insurance. It is playing out as Congress considers whether to renew the Terrorism Risk Insurance Program Reauthorization Act, which expires on Dec. 31, 2020.
"Risk managers and brokers must consider what clarity and assurances they can obtain to minimize the risk that insurance companies will attempt to deny coverage due to the war exclusion. Companies should be looking carefully at the 'act of war' exclusionary language and negotiate changes," the report advises.
Source: A.M. Best