As we wrote yesterday, the recent cyber attacks that struck more than 150 countries across the globe with ransomware will stimulate new demand for cyber insurance and reinsurance coverage, and Fitch Ratings agrees, saying today that re/insurers are in a unique position to respond and assist customers faced with this threat.
The attacks, which are perhaps the most widespread and highly reported outbreak ever seen, help to demonstrate the “widening scope of corporations’ cyber risk exposures” the rating agency said today, which is expected to stimulate increased demand for related insurance protection.
Any increase in insurance protection will require cyber reinsurance capacity, and as the understanding of cyber insurance threats grows and the complexity of events increases, specific cyber reinsurance solutions are going to be required to back the insurers offering cyber risk protection.
Fitch warns insurers against being too eager to jump into cyber insurance underwriting, perhaps sensing that such high profile attacks could result in a jump in demand that may be tempting to some companies, particularly given current market conditions.
Fitch warns that “a cautious approach to adding cyber exposures is warranted” and the rating agency says that there is “considerable uncertainty in pricing and underwriting this risk.”
Any “aggressive expansion” by individual underwriters into the cyber risk insurance segment may be deemed credit negative by the rating agency, Fitch warns.
Working out the losses from these recent cyber attacks will take time, Fitch notes, but it expects that corporations will likely display greater interest in cyber risk protection, including insurance solutions, as high-profile attacks such as the ransomware are sure to increase corporate anxieties over this risk.
Regulatory compliance could be another factor, as corporations are mandated to adopt some level of protection against cyber risks, with insurance likely to become one step towards compliance in some industries.
The scope for cyber related insurance is broad, demonstrating the opportunity for insurers and reinsurers. Losses are possible due to systems and property damage, remediation costs after attacks, lost revenue from business interruption and reputational exposure, as well as the potential for third-party liability exposures triggered by errors and omissions or if a corporation is deemed to have failed to protect customer data. Additionally, cyber professional liability exposures, including potential claims against directors and officers for failing to manage risks and prevent cyber incidents, can also result in losses.
Fitch says that U.S. insurers underwrote approximately $1.3 billion in cyber insurance in 2016, and forecasts that the market could grow more than tenfold to $14 billion by 2022.
At that size, and given underwriters' inexperience in cyber lines and the inherent uncertainty surrounding the potential for cyber attacks, the growing cyber insurance market will require reinsurance support to achieve this growth.
So far, Fitch notes that the industry's underwriting experience relating to cyber insurance appears relatively favorable in recent years, but the rating agency adds that the market remains untested to date.
Challenges remain in cyber underwriting, though, and Fitch highlights the challenge of establishing actuarially robust pricing and coverage terms given the lack of robust historical loss data, as well as the continually evolving nature of cyber attacks and the uncertainty regarding the source and range of potential losses that could be suffered.
Additionally, a disconnect between the cyber coverage insurers are currently willing to offer and the policyholders’ own view of their risk and what coverage they need is also holding back cyber insurance growth. However, as the cyber insurance market matures, these views will likely converge and product-market fit improve, Fitch notes.
Given how challenging the cyber insurance market is, Fitch says “We would view aggressive growth in stand-alone cyber coverage, or movement to high portfolio concentration in cyber, as negative for an insurer’s credit profile,” as “Underwriting, pricing and reserving uncertainties would outweigh the potential earnings growth benefits.”
However, controlled growth into cyber insurance could be seen as credit neutral.
Cyber is not a simple business line to expand into and requires real expertise to create portfolios. To date the insurance and reinsurance market has developed this market with the help of exclusions and restrictive terms, which needs to change in order for cyber risk coverage to become much more widely used and prevalent.
As well as less restrictive policies and more targeted coverage, the use of reinsurance capacity to take on the peak cyber risk exposures is also going to be key, if this market is to achieve the forecasted levels of growth.