A new study by global re/insurance brokerage Aon indicates that cyber premiums grew to just over $2 billion in 2018, roughly a 10% increase from the prior year.
Premiums from package business grew modestly, rising 6% year on year, while standalone cyber premiums grew 14%. Premiums for small commercial-focused cyber insurers grew 19%.
Additionally, 184 US insurers reported direct cyber written premium to the National Association of Insurance Commissioners (NAIC) in 2018, up from 170 in 2017.
The study also determined that the direct incurred industry loss ratio across all cyber policies was 35.4% during the period, with standalone and package business reporting 34.4% and 36.8% respectively – suggesting that on the whole cyber insurance was quite profitable for US insurers in 2018.
Loss ratios across both the package and total segments deteriorated modestly from 2017, but remained lower than 2015-2016 levels.
Aon says this deterioration was primarily due to an increase in claims frequency, averaging 4.2 claims per 1000 policies in 2018, up from 3.5 in 2017.
This jump in frequency more than offset a reduction in the claims severity, for which the average claim size decreased from $56,688 in 2017 to 450,401 in 2018.
Aon says this shift toward higher frequency and lower severity reflects many of the claims stories of 2018, including increased activity in ransomware, crypto-jacking and form-jacking claims.
The premium per policy also decreased slightly year-over-year due to softening market conditions.
“The main cyber story of the 2018 financial year is arguably that there was a lack of a story. US insurers, whilst still achieving good average growth during the 12 months under review, were shown to be growing at a slower pace than the preceding periods, where in both 2016 and 2017 growth rates were above 30 percent,” said Jon Laux, Head of Cyber Analytics for Aon’s Reinsurance Solutions business.
“One relative bright spot in 2018 was the small commercial cyber space, where growth is now well underway. SME risks have been highly desirable to insurers given that cyber claims frequency and severity are both lower for smaller companies.”