Alexandra Bretschneider said it feels like she has been a part-time grim reaper the last two years.

The cyber practice leader at broker Johnson, Kendall & Johnson said, “I am just constantly delivering bad news.”

Providing a perspective of the cyber insurance market for small- and medium-sized enterprises, Bretschneider said she’s had to tell clients of significant rate increases for coverage and has had to reveal that their investments in cybersecurity led them to “pay more for a product that’s probably giving you less.”

“It’s not been fun. It being called a hard market is aptly named,” Bretschneider said during a state-of-the-market panel at NetDiligence’s Cyber Risk Summit in Philadelphia early this month. “The rate increases in 2021 were extraordinary,” and even SME clients that “skirted under the radar” saw major increases during the first half of 2022, she said.

In line with recent marketplace reports, she said rate increases have slowed, but from the triple- or high-double-digit percentages to 10-30 percent hikes.

“Underwriting scrutiny in general still continues to be all over the map,” Bretschneider continued. “That is going to vary by carrier with every industry, every size of organization within that industry.” Insurers are reducing limits, restricting coverage and raising retentions.

“We used to be able to maybe squeeze by a couple higher legacy limits, but those days are really starting to dwindle,” she added.

Payal Patel, providing the outlook for larger organizations as the Northeast zone leader for Marsh’s cyber practice, said clients want more cyber insurance to protect themselves against a catastrophic event, but “the limit is not always available, or our corporate clients don’t always qualify for the limit based on their controls.” Plus, retentions here are also high—to the point some clients “don’t think that the insurance policy is actually going to protect [them] when [they] need it most.”

Patel said coverage is being removed “where it hurts”—where clients believe they need it most. “There’s not really a lot of value for them to spend that money for coverage where ransomware or business interruption costs are supplemented so lightly that they don’t feel like it’s actually protecting their operational technology risk where it may hurt the most,” she said.

Bretschneider said clients understand the need for rate increases, especially as the market grapples with the systemic risk cyber presents. Clients have largely shifted from believing they won’t be targets of hackers to now buying cyber insurance and thinking about pre- and post-event mitigation plans, which has been beneficial since the marketplace has recently forced clients into that behavior in order to obtain insurance.

For all the work done by the cyber insurance marketplace to achieve rate, “there still needs to be a correction to some extent,” said Jacob Ingerslev, head of Cyber & Tech Underwriting at Tokio Marine HCC. “Despite all of the changes—all the price changes and reductions and the underwriting requirements—it only moved the loss ratio several points down. If you look at the top 10 carriers, half aren’t making money.”

Eric Seyfried, head of the cyber & technology US Open Market at Axis, said the “firm, industry-wide approach” by insurers is leading to a “certain level of maturity and hygiene and operational sophistication” among policyholders, and if the marketplace continues to get “some rate and push down some better controls,” prices may move to reflect new and better risks, but the data is not yet available for that to happen consistently.

Brokers Patel and Bretschneider said the marketplace is not uniformly distinguishing good risks from the bad. Patel said some of her large corporate clients “feel like they’re funding the losses across the market” as rate increases continue to come in even for longstanding accounts without a claim history.

“We as an entire insurance community need to be more uniform on some of the priorities around what we think is a good risk versus what we think is a risk that should be charged more,” Patel said. The questions on applications are changing, but the “way insurers are underwriting based on the claims activity they are seeing are not changing.”

Bretschneider agreed that data is needed for the market to make better decisions and refine models, but there is so much movement within the marketplace that submissions are “off the chart.” As rates soften, she predicted more renewals with incumbents, reducing submissions looking for the best price and coverage. There is “going to be more time to actually underwrite” as insurers weigh rate increases against the desire to retain good accounts.