Capacity expands as cyber cat bonds take off

The cyber liability insurance market softened in 2023 as increased competition and capacity led to lower rates after a short-lived slowdown in ransomware attacks during 2022. 

Additional reinsurance capacity was also added as insurance-linked securities markets issued cyber catastrophe bonds last year. 

A resurgent threat landscape, however, and rising claims activity could cause a rebound in pricing this year, some experts say.

Cyber insurance rates were generally flat or a few points up or down depending on specific lines and geographies during recent renewals, sources said. The U.S. market was a little softer than overseas, and excess and surplus lines generally saw larger rate decreases than primary lines, they said.

“There have been some fluctuations depending on geography and the size of client but anywhere from positive single digit down to negative single digit,” said Anthony Dagostino, New York-based global cyber chief underwriting officer for commercial lines at Axa SA.

Rates, which increased significantly after claims rose during the COVID-19 pandemic, have been tempered by the competition generated by added capacity for cyber coverage. 

“We are seeing new entrants into the market, particularly with new managing general agents bringing new capital into the market,” said Washington-based Rachel Lavender, Marsh LLC’s U.S. & Canada cyber brokerage leader. 

Marsh data showed fourth-quarter 2023 cyber rates down 4% compared with a 6% decrease in the prior quarter.

“Threats are expanding and that attracts capacity to meet the demand,” said Mario Vitale, New York-based president of Resilience Cyber Insurance Solutions LLC, a managing general agent that has recently expanded its underwriting authority to include coverage for global companies with up to $10 billion in annual revenue.

“We definitely saw carriers become more aggressive,” in deploying capacity, said Nadia Hoyte, New York-based national cyber practice leader for USI Insurance Services LLC. She said insurers appear more comfortable with offering capacity as they gain greater understanding of cyber exposures.

Last year also saw the introduction of insurance-linked securities for cyber coverage, or cyber catastrophe bonds. 

Paul Bantick, London-based global head of cyber and technology for Beazley PLC, which issued some of the initial securities, said the added capital markets capacity and new method of risk transfer will help cyber insurance markets continue to grow.

“To meet the emerging demand, we need these vehicles,” he said, noting catastrophe bonds have become a staple source of reinsurance coverage for property insurers.

Ransomware and privacy claims, however, are ticking up, which could lead to higher rates, some experts say. 

<a rel=”gallery” class=”fancybox” href=”https://www.businessinsurance.com/assets/pdf/BI_0324-11A.png”><span class=”rsrch_img” style=”background:white !important; width: 480″>

<img src=”https://www.businessinsurance.com/assets/pdf/BI_0324-11A.png” width=”480″></span></a>

Kristen Peed, Cleveland-based head of corporate risk for San Mateo, California-based Sequoia Benefits and Insurance Services LLC, and vice president of the Risk & Insurance Management Society Inc., said rising ransomware and other cyber exposures present risk managers with an emerging and evolving challenge. 

“In 2023, we saw all the hallmarks of a favorable market for cyber insurance. We saw increased competition, we saw rates flat or falling, and we saw generally more favorable terms than in prior years,” said John Farley, New York-based managing director of Arthur J. Gallagher & Co.’s cyber practice.

“Some of that has still continued on into 2024,” Mr. Farley said. “But at some point, cyber claims trends will drive the market, and if they continue to increase in frequency and severity, then we’re going to see underwriters react. We’re not sure where the inflection point is going to be, but at this point we’re still in the same pattern we’ve seen over the last year.” 

After abating somewhat during 2022, ransomware attacks have returned as a significant exposure for policyholders.

“Ransomware attacks are continuing to rebound. They’re increasing not only in frequency but also the sophistication and the severity with which they’ve hit companies,” said Ms. Lavender of Marsh. 

“We’ve seen an increase in loss in 2023 compared to 2022,” said Rich DePiero, New York-based executive vice president and head of Sompo Pro, a unit of Sompo International Holdings Ltd. 

Data privacy is another area of concern, he said.

“We’re monitoring that very closely. Those losses are beginning to add up and we expect to probably start seeing a lot of those claims being paid out over the 2024 policy period,” Mr. DePiero said.

Emerging technologies such as artificial intelligence can be both part of the threat and part of the solution. 

“These things have the potential to be used by cyber bad actors, from an offensive perspective, and they have the potential to be used by cyber defenders,” said Patrick Thielen, Chicago-based global head of cyber for Liberty Mutual Insurance Co.