Thank you for Subscribing to Insurance Business Review Weekly Brief
Few areas of the insurance market get as much attention as cyber (Howden has just released its third cyber report in as many years). There are several reasons for this – the pervasive threat environment, its interactions with technology and geopolitics, the inherent unpredictability, the exciting growth potential, and, above all, its relevance to clients worldwide.
Businesses in all regions continue to rank cyber as one of their most pre-eminent risks, a seemingly well-founded view considering the myriad of shocks companies and insurers have faced in the last three years alone, from rapid digitalization post-COVID (and the proliferation of attack surfaces) to rampant ransomware and the war in Ukraine. Little surprise then that cyber remains the fastest growing area of insurance by some distance. Annualized growth of 30 percent over the last ten years compares to the single-digit percentage range for the broader P&C commercial sector.Should current growth trends be maintained for the remainder of this decade, an ambitious but feasible scenario, given the high level of demand globally, and the cyber market could scale up to the size of other major P&C business lines by 2030. Dynamic Risk Landscape No other line of business has such a dynamic risk landscape on the one hand and such growth potential on the other. These dynamics continue to play out in the cyber insurance market. Following a major correction off the back of surging ransomware claims in 2020 and 2021, which led to the cost of cyber cover more than doubling, conditions started to stabilize last year as activity relented and more robust risk controls deterred or mitigated attacks. “Insurance is proving to be critical to this fight back by indemnifying losses and incentivizing better cyber hygiene.” However, cyber rarely stands still, and developments in 2023 point to a nuanced marketplace, with optimism around more favorable supply dynamics for insurance buyers tempered by motivated cyber-criminals, ongoing concerns about potential systemic losses, and capital availability. After a relatively lull in activity last year, ransomwarehas returned to dominate the cyber loss landscape so far this year. Data from NCC Group shows ransomware attacks rose by 48% in the first five months of 2023 compared to the same period in 2022. Threat actors’ tactics are also shifting. In addition to double or triple extortion, certain groups are now accessing networks to change or even destroy data and then demanding ransoms to disclose what has been targeted. There have also been growing instances of physical threats made to company executives and their families or broader contacts to force victims into negotiations. Enabling Resilience Investment in cyber security is crucial in this environment. Staying one step ahead of attackers not only makes organizations more resilient to financially motivated cyber-attacks, but it also means that they are better prepared to navigate a highly volatile geopolitical climate that carries considerable cyber risks. Indeed, the number of new significant wiper malwaredetected in 2022 exceeded the combined number recorded throughout the previous ten years, with most activity linked to the Russia-Ukraine war.Geopolitical risks have increased elsewhere, too, with tensions mounting between China and the United States, as well as within the Middle East. Even as cyber lives up to its dynamic reputation, businesses are now better prepared to deal with the fallout. Insurance is proving to be critical to this fight back by indemnifying losses and incentivizing better cyber hygiene. Strengthened risk controls are paying dividends in 2023, as the resurgence in ransomware activity has so far not been accompanied by a corresponding rise in losses or claims.This points to the efficacy of risk controls in making companies more resilient and supporting a more stable cyber market. A Coming of Age Moment Cyber insurance dynamics are improving as a result. After a period of upheaval – characterized by a rapidly deteriorating loss environment, highly constrained insurance capacity, rising global demand and a major pricing correction – businesses, particularly those with the correct risk controls in place, are rewarded with more favorable outcomes.Pricing has plateaued or fallen in most instances (albeit from elevated levels), limits are up, and competitive forces are yielding more tailored underwriting decision-making that reflects companies' risk profiles. This puts the market on a sound footing for growth. Considerable progress has been made in a short space of time, but more work needs to be done to meet demand globally. Speed of innovation will be crucial to tapping into new pools of capital and providing solutions for unpenetrated markets, SMEs especially. Expert Advice in Extraordinary Times The core ingredients for a sustainable cyber insurance market are now in place. Having navigated the early phases of development that often come with new, fast-growing lines of business – cautious approaches initially, growing confidence (or complacency) off the back of strong profitability, market-changing losses and capacity withdrawals – competition is now returning as insurers not only look to renew existing programs but also write new business. Put simply, the growth potential is huge. Intermediaries have a crucial role to play here, especially those with the (genuine) local knowledge and capital markets capabilities needed to penetrate into new geographies and attract capital at scale.This is what Howden brings to the table and more. Come and talk to us.