The pandemic caused economic and insured losses from cyber attacks to skyrocket, which has heightened awareness of the risk and increased demand for cyber re/insurance, according to a report published by S&P Global Ratings.

“The trend toward digitalization will inevitably lead to a higher likelihood of cyber incidents. Prices in the cyber re/insurance market could therefore rise sharply over 2021-2023, even doubling in some cases,” said S&P Global Ratings credit analyst Manuel Adam, in a statement accompanying the report, titled “Cyber Risks In A New Era: Reinsurers Could Unlock The Cyber Insurance Market.”

With the substantial pick-up in cyber losses, re/insurers saw higher combined ratios in 2020 and 2021 than in previous years, said the ratings agency.

Citing Aon statistics, S&P said the cyber combined ratio in the U.S. increased by more than 20 percentage points to 95.4% in 2020, from 74.5% in 2019. (Editor’s note: S&P compared data from two U.S. cyber market updates published by Aon in June 2020 and June 2021).

S&P attributed the losses to the growing frequency and severity of ransomware and social engineering claims. “These include claims for business interruption, rising incident response costs, and extortion demands.”

Even after raising re/insurance premiums, S&P said, cyber business lines were not as profitable in 2020 as they had been in previous years. To sustain long-term profitability, S&P expects that insurers will continue to restructure their cyber insurance offerings by further increasing rates and adjusting their terms and conditions (T&Cs), particularly the exclusions.

“Some insurers also intend to further reduce their pay out limits, especially where contracts include ransomware or business interruption components. At the same time, they hope to increase retention levels through 2021-2023,” the report noted. “Depending on the region and T&Cs, policyholders could expect rate adjustments of up to 100% because the risk level has fundamentally changed.”

Silent Cyber

S&P said there has been a shift from nonaffirmative cyber coverage (known as silent cyber) to affirmative (or explicit) coverage, which is leading to previously unrecognized premium volume.

“Where policies carry this type of uncertainty, insurers can find themselves facing losses to settle unexpected cyber-related claims,” said the report.

Nevertheless, cyber underwriters have become more experienced, can base decisions on exponentially improved data sets and are cautious about expanding insurance limits and T&Cs, continued the report.

Given the volatility of cyber risks, S&P said it’s appropriate that reinsurers are taking a restrained approach that indicates stronger risk management in the global reinsurance sector. “We see a strong correlation between the sophistication of insurers’ risk management and their approach to managing cyber risk.”

Increasing Reinsurance Demand

The report said the pandemic exacerbated the huge cyber reinsurance protection gap by causing existing and new clients to increase demand for the protect, requesting larger limits and more inclusions in their policies’ terms and conditions (T&C).

“Primary insurers rely relatively heavily on the reinsurance market for cyber insurance because it has a relatively short track record compared with more traditional and mature property/casualty lines of business,” said S&P, estimating that they pass 35%-45% of global cyber premium to reinsurers, with some regional variation.

Cyber Market Development

S&P expects this business line to be one of the fastest growing insurance markets over the next decade. “The dynamic change in claims pattern, rise of cyber threats, and huge accumulation risk creates an opportunity for larger reinsurance capacity.”

As a result of these trends, the number of reinsurers and insurers offering cyber coverage is rising, along with demand, but capacity is still limited, the report said

S&P noted that the market would benefit from the development of a comprehensive retrocession market, as well as the use of insurance linked securities (ILS) or alternative capital to improve capacity.

“The market faces increasing demand, but limited supply. In our opinion, lack of capacity could be holding back the development of a sustainable cyber re/insurance market,” the report affirmed.

Cyber Reinsurance Partners

“[W]ith such a new segment, we think it is important for reinsurers to offer primary insurers support in managing the underwriting and risk management processes for cyber, as they do for natural catastrophe exposures.”

Indeed, S&P said, reinsurers have taken on an even more important role in the cyber insurance ecosystem over the past two years and are generally well placed to enable development of the cyber insurance market.

With their accumulated expertise in underwriting and modeling, reinsurers generally are pioneers in “the assessment of cyber risk thanks to their complex enterprise risk management frameworks and investment in expertise,” the report indicated.

Further, reinsurers provide cedents with greater balance sheet protection against high-frequency, high-severity losses, while supporting access to cyber-related services, S&P said.

While global multiline insurers often have in-house cyber expertise, some midsized and regionally focused insurers do not have the resources to enhance their cyber skills, the report continued. “Therefore, they are more reliant on the external know-how offered by reinsurers.”

For example, many clients appreciate reinsurers’ help with comprehensive IT expertise and services associated with prevention measures, crisis management, and data recovery, the report said. “Transparent and proper legal and crisis communication is also key to avoiding or minimizing regulatory fines, third-party legal claims, and reputational damage.”

*This story ran previously in our sister publication Insurance Journal.