Global cyber premium volume is set to increase six- to eightfold within a decade, according to a new report from Fitch Ratings.
Released on Wednesday, the report Cyber Insurance – Risks and Opportunities (Global Non-Life Insurer Underwriting Exposures Examined) found that cyber insurance has been a profitable business line for early market entrants and is a rapid growth segment. “We expect cyber insurance business to be ratings neutral for most highly rated insurers with sound underwriting, particularly as it represents a relatively modest percentage of individual insurers’ overall premium volume and risk exposure,” the ratings firm said in a press release.
Cyber insurance is an emerging business line that presents unique, new risks for insurers, with limited historical loss data creating difficulty in pricing coverage, Fitch noted in the release. The nature of cyber risk and the wide variety of potential cyber events add to challenges in quantifying risk aggregations and catastrophe loss potential, Fitch added. A lack of standardized policy language and terms can also lead to meaningful differences in individual carriers’ product offerings, which is a source of confusion and uncertainty for policyholders.
Insurers that lack cyber underwriting expertise, poorly manage their risk accumulations or fail to recognize loss potential from “silent” cyber exposure in their traditional commercial insurance products could face pressure on earnings, capital or even ratings, if large loss scenarios emerge as the market expands. Unduly large cyber risk aggregations of specific insurers may not become evident until after a large or catastrophic cyber event, the release pointed out.
The benefits of geographical diversification for an insurer’s credit profile are not necessarily as strong for cyber exposure relative to other insurance lines. Recent ransomware attacks show that digital interconnectedness across the world can lead to a very wide geographic footprint for a single cyber disaster, Fitch noted. Risk concentrations may be more correlated to factors other than industry or geography, such as concentrated exposure to one electronic payment processor or firewall system.
The global market for standalone cyber coverage is estimated to have grown to between US$2.5 billion and US$3.5 billion annually. Growth is being driven by increasing risk and awareness of cyberattacks, such as the recent theft of an estimated 143 million individuals’ personal data from credit monitoring agency Equifax between May and July of this year. More active cyber regulation in the United States is a prime factor behind an estimated 90% of global cyber premium originating there.
Developing cyber regulation in Europe and elsewhere is likely to spark demand for coverage, Fitch went on to say. The European General Data Protection Regulation (GDPR) implementation in May 2018 will introduce more stringent notification requirements that increase awareness of the prevalence of data breaches. The GDPR will also expose organizations to large fines for data breaches – up to 4% of turnover – although it is not clear whether insurance would be allowed to cover these, Fitch concluded.