Standard & Poor’s: U.S. Insurers Responding Cautiously to Soaring Cyber Coverage Demand

Print Email
June 12, 2015

Standard & Poor’s predicts a major jump in demand for cyber insurance in the coming years, with interest initially outstripping supply. U.S. insurers will respond gradually, however, entering the market with caution, allowing for breathing room to develop knowledge and experience about the fast-evolving risk, the rating entity found in a new report.

Insurers remain hesitant to embrace cyber risk quickly because it is “fast moving, impossible to predict, and difficult to understand and model, but change can be immense,” S&P noted.

Another concern: aggregation risk and clash with other policies.

Standard & Poor’s outlined these and other insurance related cyber trends/concerns in its newly-released report: “Looking Before They Leap: U.S. Insurers Dip Their Toes In The Cyber-Risk Pool.”

Specifically, the S&P report says that cyber insurance demand will grow significantly in just the next few years “as management teams utilize both offensive and defensive capabilities,” and perception of cyber risk and its financial costs grows due to increasing media coverage.

What’s more, attacks will increase in both frequency and sophistication as losses grow. Lloyd’s estimates that there are around $400 billion in annual losses due to cyber hackings, only a small number are insured, S&P said.

With that in mind, cyber insurance is gaining more promotion and regulators are encouraging companies to buy it to help manage their risks and minimize the cost of a breach. Cyber breaches can damage an organization’s reputation, and that could also spur the growth of the cyber insurance market. More regulations passed in response to recent hackings should also trigger interest in cyber coverage, according to the report.

“Cyber insurance is a sellers’ market, unlike more developed/traditional business lines,” Standard & Poor’s said.

At the same time, however, insurers aren’t exactly jumping in “with both feet,” Standard & Poor’s explained in its report, noting a number of reasons.

“Due to the changing nature of technology and hacking strategies, insurers don’t have an accurate loss history,” Standard & Poor’s noted in the report. “For example, companies that may have used one software platform might switch to another software and hardware platform that has different network access points and vulnerabilities.”

Standard & Poor’s said that insurers face added challenge with companies increasingly moving “critical IT functions” to third party vendors, a move that leaves companies heavily dependent on those vendors’ information security standards.

“Whereas traditional liability products may use revenue and industry as particularly important drivers of risk assessment, it is much more difficult to determine a company’s ability to defend itself from a very determined hacker” as a result, the Standard & Poor’s report said.

Standard & Poor’s said insurers are wary about aggregation risk, which can happen when a hacker drops a bug into widely used software that ends up hitting many different policyholders. Clash is also at issue – where a cyber attack can affect multiple coverages within a single policy, such as crime, medical malpractice and D&O, according to the report.

As Standard & Poor’s points out, these issues haven’t stopped insurers from exploring cyber coverage. Rather, they have worked to mitigate factors such as aggregation risk and clash by offering line sizes that are relatively small, with around $25,00 for the average small company and as much as $5 million to $25 million for larger companies.

Coverage for large companies can also be stacked to reach higher capacities, Standard & Poor’s said. Also helping: many primary insurers have started offering cyber protection “with substantial support from reinsurance partners,” the ratings entity said.

“There are more than 20 reinsurers currently writing cyber business to some degree and given current soft pricing conditions, the appetite to assume cyber risk might grow,” S&P said. But those same reinsurers are also worried about risks including cyber modeling and aggregation risk, according to the report.

With these risks in mind, S&P said it does expect cyber insurance capacity to increase as experience in the sector grows. But new players will “enter the market prudently,” according to the report, “through low limits, exclusions, and access to reinsurance support.”

Source: Standard & Poor’s

Print Email

Was this article valuable?

Here are more articles you may enjoy.

La Nina 60% Likely to Develop Between June-August
Florida Gets 8 New P/C Carriers After Insurance Market Reforms
USAA to Lay Off 220 Employees
AM Best Downgrades State Farm General Ratings

Related Articles

Carriers Writing U.S. Cyber Insurance Soared to 170 in 2017: Aon
Medical, Personnel Data More Valuable Than Credit Data to Cyber Spies
RIMS: Enterprise Risk Management Does Indeed Help Spot Cyber Risks
Beazley/Munich Re Start Selling Broad Cyber Cover for Large Global Companies
Obama Urges Congress to Quickly Pass Cyber Security Legislation
Cyber Insurance Underwriting Advances to its ‘Teen’ Years in Terms of Experience
Demand Up for Cyber, Supply Chain Coverage: RKH Survey
Scope of Federal Hack Attack Widens as White House Weighs Responses
CNA’s 5 Ways to Strengthen Cyber Risk Management
AmWINS New Cyber Facility Offering $100M XS Capacity
Marsh Sees Directors and Officers Risking Cyber Attack Liability
Guy Carpenter Adds Financial Institutions and Cyber Components to GC ForCas Platform
Cyber Attacks Becoming Significant Threat to Insurer Credit Quality: A.M. Best

Latest Magazine

Carrier Management magazine

Research & Whitepapers