Cyber insurance market has the potential to scale to rival the size of other major P&C lines if three key challenges can be successfully navigated, according to Howden’s third cyber report, ‘Coming of Age’
- Future growth and relevance now centres around three key themes: penetrating new markets (particularly SMEs), addressing systemic risk and expanding available capital
- Given the highly volatile geopolitical climate, Howden backs efforts to get ahead of the cyber warfare issue by proactively providing clarity to clients and investors around the scope of cover
- Pricing increases that have driven the growth of the cyber insurance market in recent years are now receding
Howden, the international insurance broker, has today released its third annual report on cyber insurance, titled Coming of Age, which reveals that the size of the market could reach USD 50 billion by 2030. Whilst the report finds that the foundations are in place for the cyber market to scale up, the realisation of this potential is tied to three key factors: distribution, tail-risk management and attracting capital. If these challenges can be navigated successfully, the cyber market is on the cusp of potentially transformational growth.
Following a major market correction off the back of surging ransomware claims in 2020 and 2021, which led to the cost of cyber cover more than doubling, conditions started to stabilise last year as activity relented and more robust risk controls deterred or mitigated attacks. But cyber rarely stands still, and developments in 2023 point to a nuanced marketplace, with optimism around more favourable supply dynamics for insurance buyers (off the back of improved underwriting performance for insurers) tempered by resurgent ransomware activity, ongoing concerns about potential systemic losses and capital availability.
Figure 1: Ransomware activity up nearly 50% so far in 2023 vs 2022 (Source: Howden analysis based on data from NCC Group)
The first half of 2023 saw a significant rise in ransomware attacks, but disclosures from a number of carriers in 1Q23 suggest this has not (yet) been accompanied by a corresponding rise in claims. This points to the efficacy of risk controls in making companies more resilient and supporting a more stable cyber insurance market. Conditions are now relenting, and buyers that have the correct risk controls in place are being rewarded with more favourable pricing and terms.
This puts the market on a sound footing for growth, but the report shows that more work need to be done if it is to meet the growing demands of clients worldwide. By overcoming potential limitations around systemic risk, penetration and capital, the cyber insurance market has an unparalleled opportunity to grow.
- War exclusions
The introduction of new war language has been contentious, but clients are increasingly recognising the importance of proactively scoping out the parameters of cover for cyber warfare, both for their own benefit such as minimising the potential for coverage disputes, and for providing underwriters and investors with the confidence needed to commit to the market.
Sarah Neild, Head of UK Cyber Retail, said: “Getting this right is crucial for the sustainability of the cyber market. By providing a framework designed specifically for cyber’s unique risk profile, clients will be offered more certainty around the parameters of cover and what is insurable and what is not. The process of defining the limits of cover specific to cyber acts of war will help to fulfil the potential of this market, but only if the clauses are fit for purpose and clients’ needs are met.
“With one of the largest global reinsurers steadfast on the application of their war language, wider adoption seems inevitable, despite carriers’ disparate views on what adoption should look like. Increased uniformity on this topic would ultimately help the market secure relevance for the long term.”
- Increasing penetration
Pricing increases in recent years, from 2020 onwards especially, have driven the growth of the cyber insurance market, but these tailwinds for insurers are now unwinding or even reversing in certain areas. Figure 2, which shows Howden’s Global Cyber Insurance Pricing Index from 2014, along with year-on-year changes, attests to this. Whereas annual rate increases of more than 100% were recorded during the first half of last year, the corresponding period in 2023 has seen flat renewals or even decreases in recent months as pricing has come off historical highs.
Dan Leahy, Associate Director, said: “Having navigated the early phases of development that often come with new, fast growing lines of business, the cost of cyber insurance is now more commensurate with loss costs following the recent correction. Whilst the first half of 2023 has seen pricing decline, the sustainability of this trend remains uncertain given the pervasive threat environment.
“Rates nevertheless cannot be relied upon to drive market expansion to the extent that they have recently, requiring ambitious plans for exposure growth. Penetrating new territories and company demographics is therefore pivotal to realising the full potential of cyber insurance.”
Figure 2: Howden’s Global Cyber Insurance Pricing Index – 2014 to 2Q23 (Source: Howden)
Although risk awareness is growing across the board, cyber insurance essentially remains a large corporate market currently, and work needs to be done in engaging with smaller companies especially. In France, for example, of the premiums paid for cyber insurance in 2022, 85% came from large companies. The remaining 15% coming from mid-sized companies and SMEs, but were responsible for a disproportionate share of reported claims.[1]
- Reinsurance Capital
The direct market’s use of reinsurance is the single biggest differentiator between cyber and any other class of business. With approximately 45% of cyber premiums ceded to reinsurers currently, broad capacity constraints and price corrections in the reinsurance market present potential limitations.
If the cyber market is to scale up to rival other major lines of business, cyber reinsurance supply will need to increase significantly in order to meet demand between now and 2030. Whilst cyber reinsurance premiums are currently in the range of USD 6 billion, they would need to increase more than three times over in order to fulfil growth expectations by the end of the decade. Such high levels of growth would be ambitious during favourable market conditions, let alone when supply is as constrained as it is currently in the reinsurance market.
Further innovative thinking around matching risk to capital is needed to realise the full potential of cyber (re)insurance from here. Growing consensus on risk definitions, alongside product innovation around systemic exposures in particular, are already attracting third-party investors. Maintaining focus and momentum in this area will be crucial to seeing alternative capacity becoming an integral part of the cyber market’s capital structure.
Figure 3: Growth potential of cyber insurance and reinsurance markets up to 2030 (Source: Howden)
Shay Simkin, Global Head of Cyber, Howden, commented: “Ensuring that cyber insurance is relevant to clients of all sizes is paramount to improving access in new territories and across different sections of the economy. Attracting capital is also crucial to this goal, a task which should not be underestimated given current macroeconomic challenges and capital constraints.”
“Howden remains committed to advocating for clients as the market adapts to what is a fluid and highly charged threat environment. As one of the biggest global insurance intermediaries in the world, we are conscious of our responsibility to inform the discussion in the interests of clients. Our report attempts to do just that. The analysis included extends to other critical areas such as supply chain risk, the fallout from the Ukraine war and read-across implications for future conflicts. By bringing important market trends to the fore, Howden is leading the discussion, enabling us to facilitate the most innovative client solutions and secure unrivalled access to capital providers.”
Click here to read the full report.