January 29, 2021 by Adam Malik
The global COVID-19 pandemic has distinguished between cyber insurers who are serious about offering coverage, and those who were just hoping to ride the gravy train while times were profitable, according to one industry analyst.
Cyberattacks have skyrocketed, in part due to government lockdowns that have caused many Canadians to work from home to prevent the spread of COVID-19. The global pandemic has exposed many cyber vulnerabilities, including employees working through unsecured networks at home, and increased email communication leading to successful phishing and ransomware attacks. MSA Research reported that insurers posted a loss ratio of more than 1,100% in the cyber insurance line of business for the three months ending June 2020.
Cyber claims costs have soared after years of low numbers, a turn of events that insurers cannot claim to be entirely unexpected, said Matt Cullina, managing director of global markets at CyberScout.
“I think it’s not even a correction — I think it’s just a market evolution,” Cullina told Canadian Underwriter in an interview. “The underwriting side of the house has been super-profitable for several years, and I think it’s just the market catching up and the risks catching up to the product.”
Clients were getting their money’s worth and beyond when buying coverage. But there are more risks now, and people are being bombarded by cyberattack attempts.
“This is the reality now, that these risks exist, and that they’re becoming top risks,” Cullina said. “And it’s not just for prediction articles like this. It’s real.”
The fallout from cyberattacks goes beyond just being an annoyance for customers. They’re raising claims costs, which has triggered underwriters to offset losses through premium increases. “They’re business-crushing,” said Cullina. “Especially ransomware. And social engineering scams can cripple a business for a time.”
Despite the intensity of claims, hope remains that the cyber product line, be it commercial or personal, can be profitable. Essentially, the hard market is separating the wheat from the chaff, by making sure those insurers committed to the market are ready to provide clients with what they need.
“I think that a lot of folks came into the market trying to jump on the bandwagon [after] seeing how profitable the business was, how fast it was growing,” Cullina said. “And then, inevitably, the claims started impacting [them]. Maybe they were underprepared [for] how to…respond to those incidents well.”
Part of the problem, Cullina suggests, is that insurers weren’t prepared for handling a higher volume of cyber claims.
“We’ve inherited some books from insurers that have had cyber solutions in Canada for a while,” he said. “What we found is that, sure, claims volumes were increasing, and the complexity of those claims increased, but also the expertise wasn’t there on the…post-loss end. So the claims weren’t being managed as well as they could have been — not just from a customer service standpoint, but from a cost and loss mitigation standpoint.”
Feature image by iStock.com/erhui1979