The loss ratio for the U.S. cyber insurance market increased by 10 percentage points year-on-year in 2019 to approximately 45%, as insurers both small and large felt the effects of an increase in ransomware attacks, reports insurance and reinsurance broker Aon.
The fifth edition of Aon’s annual U.S. Cyber Insurance Profits and Performance report explores the cyber operations of 192 U.S. insurers that reported direct cyber premiums to the NAIC, up from 184 carriers in 2018.
According to the re/insurance broker’s data, U.S. cyber premiums increased by 11% year-on-year to $2.26 billion in 2019, with 90 insurers writing more than $1 million and 41 writing over $5 million. Aon states that the top ten cyber insurers in the country accounted for 69% of direct written cyber premiums in 2019, compared with 70% in 2018.
But despite the premium growth, Aon notes that the industry experienced the impact of the increase in ransomware attacks during the year, reflected in a loss ratio of 44.9% in 2019 against 35.4% in 2018.
As expected, the higher loss ratio was primarily a result of elevated claims frequency, with losses spread across firms of all sizes, especially the small commercial segment, says Aon. Across all companies, the average 2019 claim frequency was 5.6 claims per 1000 policies, which is up from the 4.2 recorded in 2018.
Furthermore, the rise in frequency more than offset a decline in the claim severity, with Aon reporting that the average claim size fell to $48,709 in 2019 from $50,401 in 2018.
Commenting on the report, John Laux, Head of Cyber Analytics for Reinsurance Solutions at Aon, said: “Although ransomware has been on the rise for years, it was 2019 when the insurance industry felt the impacts far and wide. Unlike the NotPetya claims of 2017, these losses were not limited to a few large multinationals but were spread across companies of all sizes, and especially affected the small commercial segment. We expect that ransomware will be the main claims story of 2020 as well.”
Although the rise in claims frequency in 2019 pushed up the loss ratio for the U.S. cyber insurance market, at an estimated 74.5%, the sector’s combined ratio remains in profitable territory. Aon’s estimated combined ratio for 2019 is comprised of the 44.9% loss ratio and a 29.6% expense ratio.
Aon notes that when interpreting these results, it’s important to consider that the expense ratios are estimated from “other liability-claims made” and “commercial multi peril” business. The broker adds that its experience with many carriers suggests that cyber expense ratios are higher than for other lines, which is not reflected in the NAIC data.
“For years now, the thesis of cyber insurance has been that risk mitigation and risk transfer belong together – that insurers can help companies that suffer from cyberattacks to get back on their feet while working to reduce cyberattack frequency and severity through more effective risk controls. We believe that the next several years may finally see this come to fruition with insurers helping improve cybersecurity hygiene and reduce the cost of cyberattacks,” said Laux.
