Urgent reassessment of cyber risk needed by insurers - AM Best report
A worsening risk landscape for cyber threats – headlined by ransomware attacks – means insurers need to reassess how they think about cyber risk, warns a report from AM Best.
The risk landscape for cyber attacks has outpaced the way the insurance market considers cyber business making necessary an urgent reassessment of the risks and its approach to insuring them, according to a US report from insurer credit rating agency AM Best.
Cyber insurance has been seen by insurers as a diversifying and secondary side-line, according to AM Best, whereas the reality for risk managers and insurance buyers is that cyber risk is now a primary component of a corporation’s risk management and insurance purchasing decisions.
A rise in cyber claims is outstripping hard market price rises in the US market, according to AM Best.
“The rate increases for cyber insurance outpaced that of the broader property and casualty industry, but the increase in cyber losses outstripped the rate hikes, which suggests more trouble for 2021 as ransom demands continue to grow,” said Sridhar Manyem, director, industry research and analytics, AM Best.
Two particular cyber risk trends stand out as paramount, the ratings firm said: ransomware attacks have become more common and more costly with “grim prospects” for US cyber underwriters; and aggregation risks mean that cyber risk is increasingly pervasive, with dangerous consequences for the sustainability of risk transfer.
“An insurer whose risk management approach is deficient can find itself subject to accumulation risk beyond its tolerance and could face ratings pressure,” said Fred Eslami, associate director, AM Best.
More organisations are turning to buying specific cyber policies, rather than relying on their traditional insurance policies. Sales of standalone cyber insurance policy were up 28% in the US in 2020, a higher rate of growth compared with packaged policies.
Insurers remain well capitalised but need to reappraise risk controls, modelling, stress tests, risk appetite and pricing, AM Best warned, to avoid becoming vulnerable and to remain viable long-term partners.
The underwriting loss ratio for cyber insurance rose for 15 out of the 20 largest US cyber insurers in 2019, rising to 67.8% on average from 44.8% the previous year.
The focus of cyber-attacks is also changing: first-party ransomware claims were up 35% in 2020 and now account for 75% of cyber claims, AM Best warned.
Hackers have become more sophisticated in their attacks, moving towards larger targets, and switching from stealing third-party data for identity theft frauds towards denial of service attacks designed at extracting ransoms.
“The recent Colonial Pipeline hack—for a multi-million dollar ransom—is an example of first-party claims that have become so prevalent,” said Christopher Graham, senior industry analyst, AM Best.