What is driving cyber insurance sales on the direct side?
- The increased risk and associated high costs of regulatory actions have driven clients to purchase cyber insurance cover for the first time, or to reassess the adequacy of currently purchased limits.
- Swelling regulatory pressure is driving cyber risk awareness at a governance level as well. The California Consumer Privacy Act (CCPA) represents one of the toughest data privacy laws in the United States. The CCPA, which took effect in January 2020, requires companies that store large amounts of personal information to disclose the types of data collected and to allow consumers to opt out of having their data sold. Taking a cue from California’s playbook, many other states have introduced their own consumer privacy and data security laws.
- Frequency and severity of ransomware attacks has increased for businesses across a wide spectrum of industries, geographies and revenues. Though all classes of business have been targeted, healthcare and public entity organizations have been particularly impacted. In one example of the many medical facilities hit, T-System, which provides services to more than 40 percent of US hospitals, fell victim to Ryuk ransomware in November 2019. (1) Ransomware threat actors were also behind more than 70 attacks on US state and local governments in 2019, (2) plus another 1,000+ attacks on US schools. (3) And the threat is a global one. The United States stands as the largest target at 53 percent, while the Middle East, Europe and Africa together make up the second largest target at 35 percent of global attacks.
- There is a push for clarification of cyber cover under non-traditional policies, with the goal of eliminating silent cyber uncertainty. This is driving the purchase of standalone cyber insurance as clients realize their traditional policies may not give them the coverage they assumed they had.
- Seamless interconnectivity between digital and traditionally non-digital environments is increasing, highlighting the inherent vulnerabilities of The Internet of Things and operational technology.
- A lack of dedicated resources and a growing awareness of the criticality of getting back up and running following an attack are increasing the realization among clients and small- and medium-sized enterprises of the need for breach response services.
What is driving cyber sales on the reinsurance side?
- Year-over-year direct sales of cyber cover grew by 25 percent, increasing the size of insurer portfolios.
- There are growing concerns about escalating attritional losses and the fear of a systemic or catastrophic loss despite profitable experience.
- Robust reinsurer appetite to deploy cyber capacity due to favorable loss ratios and a growing premium base are driving interest.
- Ongoing investment and elevated expertise across the industry are generating refreshed reinsurance structure design and driving innovative new product development.
- Insurers are clarifying coverages under non-cyber traditional policies and pushing more exposure to the cyber market.
- More sophisticated quantification methods that help to build risk tolerance, develop views of risk and inform reinsurance structures are emerging.
- There is an increased awareness of catastrophe loading uncertainties and systemic risks.
Footnotes:
1. https://www.bleepingcomputer.com/news/security/ryuk-ransomware-is-making-victims-left-and-right/
2. https://www.cnet.com/news/ransomware-devastated-cities-in-2019-officials-hope-to-stop-a-repeat-in-2020/
3. https://www.darkreading.com/threat-intelligence/ransomware-crisis-in-us-schools-more-than-1000-hit-so-far-in-2019/d/d-id/1336634