Pricing adequacy questioned in soft cyber market

NEW YORK — Pricing for commercial cyber insurance coverage has moderated recently after a prolonged hard market, but the frequency and severity of losses have not abated to the same extent, raising questions about the adequacy of pricing, according to a panel Tuesday at the Professional Liability Underwriting Society Cyber Symposium in New York.

“Right now, we’re still in the middle of a soft market, and with that you’re also seeing deceleration of rate at a pretty good extent,” said Tony Dolce, vice president and head of professional liability, cyber and technology errors and omissions underwriting, at The Hartford Insurance Group Inc.

Increased capacity is largely driving the lower pricing and rates, Mr. Dolce added.

As pricing has moderated, exposure continues to increase, such as advancements in social engineering and new ransomware groups. “We find ourselves in the market where we’re a little bit disproportionate to exposures as an underwriter,” said Tim Francis, vice president and enterprise cyber lead at Travelers Cos. Inc.

Paul Needle, senior vice president and cyber treaty underwriter for Munich Re U.S., part of Munich Reinsurance Company Ltd., called the topic of rate adequacy “complex and dynamic” given the pace at which the cyber market can change, potentially making loss histories less relevant to the future, complicating pricing.

“We’ve seen companies go from 90% primary to 90% excess. We’ve seen the geography appetite change, moving from North America to Europe. We’ve certainly seen average attachments fluctuating. We’ve seen appetites in revenue bands changing. When you have these types of changes, your loss history is a little bit less indicative of your future performance,” Mr. Needle said.

One response has been to maintain pressure on policyholders to implement proper cyber controls within their organization, such multi-factor authentication.

While MFA has become part of the “critical baseline” of controls, more such controls may be introduced this year, said Nadia Nicole Hoyte, national cyber practice leader in the executive and professional risk solutions practice for USI Insurance Services LLC.

Ms. Hoyte also emphasized “training, training, training – we have not seen the end of training” for employees on proper cyber hygiene.