Cyber security server.jpg

Cyber insurance market: The year in review

By AXA XL Insurance


Cyber liability is fast becoming the last frontier of the insurance world. Hackers and cyber thieves are growing in number and in the sophistication of their attacks.

Attacks that do not require hackers to directly breach systems, fileless or zero footprint attacks can be legitimate applications or even operating systems. These types of attacks don't install new software on a user's computer, so antivirus tools are more likely to miss them. 

Cyber thieves are setting their sights higher, as well, shutting down systems and demanding expensive ransoms.

In 2017, the insurance world saw the significant threat of ransomware in the forms of Petya, NotPetya, and WannaCry malware attacks that infected computer systems in over 150 countries and ground operations to a halt across numerous industries, including universities, hospitals, shipping companies, and governments.

While the exact losses associated with these events may never be known, estimates for the NotPetya attack stand at $10 billion; the total from the WannaCry attack, $4 billion. Some estimates have the Petya attack costing 10 times that of WannaCry.

Even with such high-profile cyberattacks, the market for cyber insurance is still flush with availability. With more demand for cyber coverage coming from buyers and relatively few major cyber loss events, the number of carriers offering cyber coverage has grown significantly.

2018: Risks up close

The abundance of coverage does not indicate a lack of risks, instead, quite the opposite. 2018 brought these changes to the cyber market:

  • Increased Ransomware Attacks While last year’s major ransomware attacks did not impact the US market significantly in terms of their severity, the increase in the frequency of these attacks is cause for concern. Today, most cyber breaches are ransomware attacks. The reason: the ransoms have gone up exponentially. 
  • More sophisticated social engineering fraud hit its stride in 2018. Hackers turned their attentions away from hacking into systems to using reconnaissance on individuals within a company to breach security measures for financial gain. By convincing employees or IT departments that a system access request is coming from the CEO who is traveling in another country, hackers were able to gain easy entry and carry out their plans.
  • As ransomware attacks increase, so will the risks of exposing customer and company data. The General Data Protection Regulation (GDPR) took effect in May 2018, putting pressure on companies across the globe to protect the data of EU citizens. 

The Evolving Buyer Influence

Along with the risks, other changes within the cyber market are impacting capacity and coverage options.

  • Buyers are in the driver’s seat, a fact that is evidenced by the demands buyers are placing on cyber insurers. Buyers are turning to carriers for comprehensive pre-breach and post-breach cyber risk management services, and carriers are responding, either directly or by offering these services through third parties. 
  • Another change among buyers: more inclusive coverage. From endorsements to expanded coverage language, carriers are amending policies to meet many more pain points for their buyers. Several endorsements have begun to appear, covering things like: system failures, social engineering losses, consequential reputational loss, and hardware loss. 
  • More demanding buyers are also beginning to test policy parameters at claim time. Even indirectly related cyber events are being filed as cyber damages. Carriers are looking to bring clarity to coverage terms. As coverage is becoming even broader, how claims under these new insuring agreements will be treated is unprecedented.
  • For cyber insurance, InsurTech has delivered a better customer experience from purchasing to servicing due to efficiency in the underwriting process and policy delivery. It has also enabled carriers to get new products and enhancements to market faster.

For cyber insurance, InsurTech has delivered a better customer experience from purchasing to servicing due to efficiency in the underwriting process and policy delivery.

Predictions for 2019

As 2019 begins, we expect to see buyers continue to put pressure on their carriers to deliver more comprehensive coverage options and services. Buyers will continue to turn to their carriers for risk management services. For now, we predict the market to remain stable with policy language evolving and buyers continuing to influence changes to policy language and endorsement offerings.

As discussed above, the industry will also see a continuation of coverage expansion and claims for events not typically thought to fall under the cyber liability umbrella. Most relevant, will be the crime and property policies. The question to answer: under what policy is the risk insurable?

To answer that question, carriers will be looking to clarify policy language. Buyers should work with their brokers on addressing other insurance clauses to avoid ambiguity when a claim or incident arises. 

In some ways, data and analytics may help bring that clarity. We predict the use of data and analytics to write cyber coverage will increase in 2019. As carriers look for ways to mitigate the impact of an aggregate event that could affect multiple policies, they will be relying on more outside data and analytics to drive more efficient and ultimately, more profitable underwriting efforts.

The traditional method of using standard questions to underwrite cyber risk will eventually be replaced by data-driven underwriting and risk engineering that can speed underwriting decisions on a case-by-case basis, providing more accurate policy coverage.

The use of data and analytics may also influence the ability of carriers to succeed in the cyber market, with more accurate underwriting capabilities being a potential differentiator among robust competition. Another differentiator: experience. As new carriers enter the market, buyers should be looking for carriers that have built a solid claims history and have a clear understanding of the cyber landscape. 

The steady market we are experiencing now could shift in the aftermath of a major event. Catastrophic claims in cyber liability are inevitable as breaches and ransom events continue to evolve.

Companies should work with their carriers to understand their unique risks and put sound risk management and cyber coverage in place to decrease their exposures.

Original article posted by AXA XL Insurance.

This guide is for information purposes and based on sources we believe are reliable, the general risk management and insurance information is not intended to be taken as advice with respect to any individual circumstance and cannot be relied upon as such.