UK insurers add cyber risk capacity, but cautiously – WTW report

The cyber insurance market in the UK continues to grow apace, with fresh underwriting capacity having been made available in the second quarter of this year, according to insurance broker Willis Towers Watson (WTW).

Policies for cyber risks continue to focus on exclusions for war and terrorism, fearful of systemic risks associated with governmental use of cyber-attacks, particularly since Russia’s invasion of Ukraine.

Pricing adequacy remains a close concern for insurers, according to the broker’s market update.

“Clients with similar profiles may receive different levels of premium increases, the key being whether their insurer feels the expiring premium levels are sufficient,” WTW said.

For some insureds, rates have fallen, but the broker’s paper avoided making pricing generalisations.

“A small but increasing number of clients have received a pricing reduction compared to 2021, often where a segment most impacted by 2021 capacity challenges then benefits from increasing competition in that segment,” the broker said.

“In the same period, some accounts are still receiving increases of 50% or more, usually where their premium levels are significantly lower than their peers, demonstrating an out-performance of 2021 market conditions,” WTW’s report added.

Systemic risk fears

Insurers exhibit a continuing acute focus on war and terrorism exclusionary language, according to WTW.

“Detailed underwriting information, and specifically context, remain key. Policy coverage remains under very careful review,” the broker said.

“Unsurprisingly the Ukraine/Russia crisis has made Insurers nervous. Many insurers quickly reviewed their contract language relating to War and Terrorism exclusions and are mindful that Cyber-attacks have become a modern warfare tactic,” wrote WTW.

Insurers’ focus on language falls into a few categories, the paper detailed.

Many insurers are sticking with the N.M.A. 464 War and Civil War Exclusion Clause, with various amendments or cyber terrorism cover ‘carved back’.

Some underwriters are drafting updated exclusions based, to some degree, on N.M.A. 464 or are drafting a new exclusion all together.

Others are considering using one of the four model clauses proposed by the Lloyd’s Market Association, predominantly its ‘War, Cyber War and Limited Cyber Operation Exclusion No. 4’.

Advice for buyers

WTW’s report included some advice for insurance buyers, whether renewing an old policy or taking out a new one.

Clients are routinely asked to provide evidence of sufficient cyber security controls before a risk will be given consideration, the broker said.

Before submitting new or renewal risk proposals, WTW said that clients should:

• Ensure key stakeholders (Directors and Chief Information Security Officers (CISO), for example) are briefed on likely insurer requirements.
• Communicate their broker’s guidance regarding required levels of cyber security controls and the likely direction of premiums.
• Consider the bigger picture and what would be a good outcome for the business from insurance negotiations.
• Allow plenty of time to collate renewal information and to review/refine this with the help of their cyber insurance brokers.
• Present a well-articulated picture to insurers demonstrating their business has adopted a risk-based approach to cyber security. This will give insurers confidence in their cyber security strategy.
• Consider their wider use of insurance and the potential to obtain more favourable terms from existing insurer partners.
• Be open and collaborative with insurers in a partnership approach.