The National Association of Insurance Commissioners (NAIC) has reported a remarkable 50% increase in US cyber insurance premiums in 2022, totaling $7.22 billion, according to Aon’s U.S. Cyber Market Update.
While this growth is notable, the industry’s performance also reveals emerging challenges, with the CL0P/MOVEit attack taking center stage as a potential threat in 2023.
The CL0P/MOVEit attack is identified as an emerging threat. This evolving situation has the potential to reverse the favourable trends observed in 2022, making it a significant concern for insurers, the report noted.
The 2022 calendar year loss ratio improved significantly, dropping 22 points from 67% to 45%. This improvement was driven by various factors, including an increase in premium per policy and a drop in insured frequency.
Despite the positive performance in 2022, the cyber insurance industry faces headwinds in 2023. These challenges include increasing ransomware incidents, growing competition leading to rate decreases, and heightened scrutiny on wrongful collection claims.
The majority of cyber claims are first-party claims, emphasising the importance of risk monitoring for insurers. The standalone cyber insurance market is becoming less concentrated, offering opportunities for diversification within the industry.
Micro insureds have consistently lower loss ratios on average compared to Large and Small/Medium Enterprises (SME) insureds, though 2022 saw a narrowing of this gap.
The Identity Theft insurance market, while smaller than the cyber market, reports consistently low loss ratios, with a 4 percent loss ratio in 2022.
Cyber insurance continues to experience higher volatility compared to many other lines of business, reflecting the evolving nature of cyber threats, the report noted.
There is a significant difference in loss ratios among companies, suggesting variations in underwriting approaches and quality.
In 2023, the cyber insurance industry faces a multitude of challenges. First and foremost, insurers must exercise unwavering discipline in their pricing and underwriting practices, given the mounting pressures for rate changes and the observed softening of terms and conditions early in the year.
Additionally, the evolving CL0P/MOVEit attack targeting MOVEit file transfer software looms as a significant concern, potentially jeopardising industry results. The resurgence of ransomware incidents in 2023, fueled by the ongoing conflict in Ukraine and economic factors, poses a serious threat to the positive trends witnessed in 2022, demanding heightened cybersecurity measures.
Furthermore, the escalating risk of wrongful data collection claims underscores the need for insurers to be vigilant in ensuring that data collection is accompanied by appropriate disclosures and permissions.
These challenges collectively underscore the dynamic and evolving landscape of cyber insurance in the face of emerging cyber threats and changing market dynamics.
