Two options for cyber insurers dealing with huge loss ratios

Insurers will be forced to make tough decisions about how they offer cyber coverage, thanks to claims going through the roof this year and losses piling up across the board, a cycler expert recently told Canadian Underwriter.

Insurers will have to decide whether they’ll respond to the spike in cyber claims by reducing capacity or investing more in the market to reduce frequency and severity, said Lindsey Nelson, cyber development leader at CFC Underwriting.

Two different reports show just how much cyber claims took off this year. Canada’s solvency regulator, the Office of the Superintendent of Financial Institutions (OSFI), reported a loss ratio of 498.9% for the first six months of the year. At the same time last year, that number was 153.7%.

MSA Research’s 2020 Q2 Quarterly Outlook Report paints an even starker picture. Focusing on the three months ending June 30, 2020 — which covers the full window of many employees working from home — insurers posted “an off-the-charts loss ratio of over 1,100%,” the report said. “Cyber was very high across the country.”

Industry experts have highlighted increased phishing and ransomware attacks since employees moved to a work-from-home environment. Weaker security protocols at the home office were exposed by cybercriminals.

Phishing attacks, for example, are fraudulent attempts to get the email recipient to turn over sensitive information like usernames, passwords, and credit card info by disguising the message as being a trustworthy and legitimate email. It’s the sophistication of the communication that tends to trip people up, explained Katherine Keefe, Philadelphia-based head of Beazley Breach Response.

iStock.com/gorodenkoff

“Phishing is the most widely used for criminals to get into systems and perpetrate wire frauds or ransomware attacks and I think criminals just have learned that it works,” she told Canadian Underwriter in July.

The cyber insurance market is relatively young and small, Nelson observed. That means some readjustment by insurers is bound to take place.  They’ll have two options, Nelson observed.

One is to reduce capacity and narrow underwriting appetite. Prices will go up to adjust for risks that weren’t properly priced.

The second option is to stick it out in the market for the long term.

If you take this route, Nelson told Canadian Underwriter, “you’re going to spend more money investing into your claims infrastructure to be able to reduce the frequency of losses and, potentially, the severity. The way a cyber insurer handles their claims service and their claims processing…does tend to make or break what costs end up being associated with events and what’s driving up the severity.”

That means bringing more tasks in-house, she noted. Those who do this tend to be doing better in the cyber market. When outsourcing, you risk losing control of the claims situation quickly.

“There’s also an education piece to be had for both the cyber insurers and our broker partners towards businesses,” Nelson added. For example, learning how the cyber claims process works and when clients should engage with cyber insurance. Also, some clients may think their IT department can handle all security threats; brokers need to emphasize that that cyber insurance can actually complement IT.

Having a complementary approach to means “clients aren’t running away and trying to handle claims themselves and incurring unnecessary expenses, which again drives the cyber market rates up when claims get more severe as a result,” Nelson said.

Feature image by iStock.com/Bulat Silvia