According to a new report from the Bermuda Monetary Authority, the COVID-19 pandemic has highlighted a growing interest and concern around cyber risk and the need for a robust cyber insurance market.
As organisations are forced to continue to operate in remote working environments, cyber threat actors continue to exploit inherent cybersecurity weaknesses.
The interdependence brought by globalisation and the need for digitisation provides an avenue for multiple victims of cyber attacks across business sectors.
Given this, the demand for cyber coverage continues to grow, highlighting the need for the insurance sector to continue improving on its cyber underwriting practices, the report noted.
While the cyber line remains a small part of the overall Bermuda insurance market, information gathered from 2020 Year-End (YE) indicates a steady increase in both gross and net cyber exposures, at $233 and $110 billion, compared to 2019 where it was marked at $209 and $70 billion, respectively.
Based on information obtained from these returns, the report explained that 15 groups, 48 commercial insurers and 24 captive insurers, write affirmative cyber coverage, which has shown an increase in aggregate GWP from $2.96 billion in 2019 to $3.04 billion in 2020.
A slight overall increase in premium, 2.7% year on year, has been observed for YE 2020, relative to the increase in both gross and net exposures. The BMA also noted the steady rise in direct policies compared to reinsurance and package policies.
The United States, United Kingdom and Europe continue to dominate the geographic distribution of policies written for the year, comprising 75% of the total.
Cyber losses incurred during the period and loss ratios continue to rise as expected. Nevertheless, current data continues to show that the industry seems adequately capitalised to cover identified worst-case scenarios.
Furthermore, Bermuda captives continue to serve their purpose as a risk management tool for companies seeking to manage their own cyber risk exposures, as evidenced by the significant increase in the cyber gross premiums written along with the increase in the number of captives writing cyber risk.
It also noted the continued resilience of the market, collectively as measured by the net impact to the insurer’s capital levels post cyber stress scenarios.
However the BMA continues to express its concern on the full impact of non-affirmative cyber exposures to the market.
Therefore, as a next step, the Authority is introducing BMA-prescribed cyber stress scenarios to be completed on a best-efforts basis for 2021 YE, which will cover both affirmative and non-affirmative cyber exposures.
Having a standard set of cyber stress scenarios will also give the Authority a more comparable view of the market.
