Canadian Underwriter
News

Global cyber attacks expected to up demand for related insurance, U.S. market could grow 10-fold: Fitch Ratings


May 16, 2017   by Canadian Underwriter


Print this page Share

Fitch Ratings expects demand for cyber insurance protection will increase in the wake of the slew of recent ransomware cyber attacks in 150-plus countries, but cautions against aggressive expansion that could prove credit-negative.

“Growth in corporate anxiety from cyber-related threats amid regular reports of data breaches and other information system intrusions will spur demand for cyber protection and solutions, including insurance protection,” notes a company statement Monday.

For example, the WannaCry cyber attack has affected computer networks for industrial, service and transport systems, among others, in many countries around the globe to date and has resulted in widespread disruption.

Related: Ransomware ‘WannaCry’ spreads to thousands more computers at start of workweek

Fitch Ratings reports that U.S. insurers wrote about US$1.3 billion in cyber coverage last year, adding “this market could grow more than 10-fold to US$14 billion by 2022.”

While many insurers have opted for a cautious approach to introducing cyber coverage, particularly with regard to liability coverage, “underwriting experience relating to cyber coverage, as reported by insurers, has appeared relatively favourable for insurers in the past two years,” Fitch Ratings explains.

Still, “the market remains untested,” it notes. “Insurers’ reluctance to write more cyber coverage lies with challenges in establishing actuarially robust pricing and coverage terms for cyber-related risks given still-limited data from historical claims losses.”

The WannaCry incident is among those revealing the widening scope of cyber risk exposures for corporations, Fitch Ratings suggests. Also likely to fuel demand for insurance coverage for cyber attacks is compliance with developing regulations.

Although insurers are in a unique position to assist customers in addressing cyber attacks and related threats, “a cautious approach to adding cyber exposures is warranted as there is considerable uncertainty in pricing and underwriting this risk. Aggressive expansion by individual underwriters into the segment could be credit negative,” the firm warns.

Cyber-related events include cyber extortion, ransomware attacks, systems hacking, data theft and denial of service attacks. “These events may create economic losses from damage to systems and property, remediation costs, lost revenue due to business interruption and reputation damages,” the company notes.

Hacking events can also generate third-party liability exposures triggered by errors and omissions or failure to protect data and, possibly, professional liability exposures, including claims against directors and officers failing to manage risks and prevent incidents.

Related: Cyberespionage and ransomware attacks on the increase, report warns

The evolving nature of cyber attacks, range of potential losses and limited historical claims could serve to enhance the part of insurers, who “are playing an expanded role in countering the cyber threat, utilizing traditional expertise in risk management and claims services,” Fitch Ratings suggests.

“They are also gaining more technical expertise in cyber threat testing and prevention and post-event resolution through acquisitions or alliances with cyber security vendors,” the statement notes. “Cyber protection coverage, therefore, increasingly includes a service and advisory component, as well as insured loss limits.”

In light of continuing challenges, Fitch Ratings views “aggressive growth in stand-alone cyber coverage, or movement to high-portfolio concentration in cyber, as negative for an insurer’s credit profile. Underwriting, pricing and reserving uncertainties would outweigh the potential earnings growth benefits.”

Instead, the rating firm recommends that “controlled growth as part of a diversified portfolio, coupled with continually enhanced underwriting standards.”

Related: Canadian companies likely to pay ransomware demands, among highest for lost revenue and business interruption, international study finds