June 23, 2017 by Canadian Underwriter
The cyber line of business is expected to be one of the leading growth areas within the property and casualty space in the United States, with cyber coverages estimated to increase between US$7.5 billion and US$20 billion by 2020, a new report from A.M. Best Company suggested.
But despite the growth in direct premiums of 34.7% from 2015 to 2016 reported by U.S. companies, “it is too early to determine if these growth projections will come to fruition,” the ratings firm cautioned in its Best’s Special Report, titled Cyber Line Expected to be One of the Leading P/C Growth Areas and released on Thursday.
For the cyber market, total direct premiums written (DPW) in 2016 were US$1.3 billion, of which 67.9% were on a standalone basis, with the balance reported as packaged policies. The top 20 writers wrote US$1.2 billion, of which 73.7% was on a standalone basis. This percentage increased for the top five writers, which reported 81% of the US$699 million on standalone policies, the report said. Comparing 2015 with 2016, DPW for both standalone and packaged policies increased by 34.7%.
“Comparing 2016 data with 2015, one of the key takeaways is that the top cyber policy writers have shifted from packaged policies to standalone policies or have more accurately filled out the supplement,” the report said, referring to the Cybersecurity and Identity Theft Insurance Coverage Supplement, introduced by the National Association of Insurance Commissioners for year-end 2015. The supplement is broken down based on standalone and packaged coverage. Information is limited to companies that file annual statutory financial statements with the NAIC (140 companies as of year-end 2016).
Oldwick, N.J.-based A.M. Best said in the report that it views the shift from packaged to standalone policies “as a positive change, since most claims have been covered under traditional insurance products, such as commercial general liability policies (CGLP), business interruption (BI) or directors & officers (D&O). The extension of implied coverages to these lines was not intended; without any exclusory language, however, some court rulings have sided with policyholders. Due to the general language of these policies, and expensive litigation, many insurance companies realized that tailored coverage forms addressing cyber liability risks separate from CGLP/BI/D&O were more efficient and effective.”
This transition to standalone cyber policies may contribute to better pricing and reserving methods, which may ultimately lead to refinements in modelling tools and contribute to a more accurate understanding of risk aggregation, the report added.
A.M. Best also expects a continued increase in the standalone type of coverage compared to packaged, “mainly due to anticipated cost and expense reductions in litigating disputed claims, as well as more specific and defined policy language focusing on the prevalent type of attacks.”
Focusing on the top 20 writers, standalone cyber policy paid losses, relative to direct premiums earned (DPE), increased from 19.5% in 2015 to 24.3% in 2016. Paid losses relative to DPE for packaged coverages increased from 15.7% in 2015 to 21.8% in 2016. This increase in paid losses for packaged coverages was driven by the defense and litigation costs that are inherent in such policies, the report said.
“Overall, cyber insurance for the majority of this universe of companies was profitable and the direct loss ratio decreased by 9.6% from 51.4% in 2015 to 46.9% in 2016,” the report said. “The decline in direct loss ratio for 2016 for the U.S. insurers, however, is partially attributed to the majority of reported cyber-attacks being related to ransomware heists.”
In almost all ransomware cases, the report continued, the losses were well below the deductible and a simple backup recovery resolved and remedied any negative long-term effect of the attacks.
Due to the intricacies of cyber coverage, it is expected the majority of future premiums will be offered by a limited number of companies, the report concluded. “While many signs point to very substantial growth in the cyber line of business, it remains to be seen whether increased demand will be sustained beyond the typical bump that occurs after every noteworthy breach.”