Cyber Insurance

We are pleased to present the results of our comprehensive global survey of the cyber insurance market, a joint venture by PartnerRe and Advisen, now carried out for the seventh year running. The survey took place during the second quarter of 2020, with 260 cyber insurance brokers and 190 cyber underwriters worldwide sharing their observations and views on the latest trends and developments

Sales Motivations

What industries brought the most new-to-market buyers of standalone cyber insurance (including those switching from endorsements)?

Continuing a trend that began last year, ‘Manufacturing/industrial’ generated the newest to-market buyers to the standalone cyber market, with nearly half of our survey respondents identifying the sector among their top three. Interestingly, ‘Healthcare’, which took the top spot in the 2018 survey, dropped to fourth place, suggesting higher levels of cyber insurance penetration have now been reached in this industry known as a frequent target for a data breach.

What do you see as the top driver(s) of new/increased cyber insurance sales?

Cyber insurance buyers take lessons from their peers – ‘News of cyber-related losses experienced by others’ and ‘Experiencing a cyber-related loss,’ continue from last year as the two most common drivers of cyber insurance sales for brokers and underwriters. ‘Board or senior management demand’ is on the rise, however, signaling increasing awareness of the risks faced by organizations.

‘Required by a third-party (e.g., customer)’ has maintained its position among the top four drivers as organizations continue to prioritize the cyber security posture of their business partners.

Coverage Requests

Endorsements Are Falling Out Of Fashion

What industries brought the most new-to-market buyers of cyber insurance by endorsement? Select Top 3

The number of respondents answering this question was notably low, with many commenting the question was “not applicable.” Several underwriters specifically commented here that their companies do not offer cyber endorsements. Many brokers said they placed none, finding insurers “reluctant” to provide them with the services they’re looking for. One stated, “I see a clear tendency for standalone,” while another said, “Endorsements are not worth it.”

39% of respondents seeking coverage said ‘Professional services’ in their top three new-to-market buyer industries, and 26% of respondents said ‘Manufacturing/industrials.’ These are also the two leading buyer categories as standalone cyber insurance.

A few commented that smaller, more “price-conscious” businesses might look to endorsements. Still, as one respondent noted, “The cyber market has been so cheap that small businesses can buy a policy once they realize the expanded coverages.” For more on market competitiveness for SME accounts, see the section, State of the Market.

Cyber-Related Business Interruption Increases Lead As Most-Requested Coverage

What cyber coverages are (new and renewal) buyers most interested in purchasing? Please select top three.

Cyber-related business interruption’ remains (now for the third year running) the most-requested coverage, creeping up a further 8 percentage points in 2020. ‘Cyber extortion/ransom’ has steadily moved up, now just eclipsing last year’s number-two coverage, ‘Funds transfer fraud/social engineering’, which has dropped to third place. This makes sense, given the fact that ransomware attacks increased in prevalence over the last year, causing both financial damage and business disruption for victimized organizations. News reports of ransomware incidents have become a near-daily occurrence and are helping to drive awareness of the risks to all businesses.

Risk Aggregation

Increasing Emphasis On Risk Aggregation And Use Of External Vendors

Does your company actively manage aggregation?

Our annual questions for underwriters on the accumulation of risk showed a continuing trend toward using outside (third-party) vendors for help in actively managing aggregation – 40% now manage it in-house and use outside vendors, up from 29% in 2019 and 16% in 2018. This increase is not at the expense of ‘Yes, we do it all in-house. Hence, the indication is a growing maturity around the need to manage cyber risk aggregation and areas where outside perspectives can be helpful.

Does aggregation management impact your underwriting or pricing decisions?

Aggregation management is also having more of an impact on underwriting and pricing – an overwhelming majority of underwriters (90%) said it ‘Always’ or ‘Sometimes’ affects their decisions. This is a significant jump up from 73% in 2019 and confirms a trend we noticed last year. An improving grip on aggregation could also help to explain why cost remains a key consideration for buyers.

If you use third-party vendors, what are your primary uses of vendor products during the underwriting process?

This new question highlights the primary usage in the underwriting of third-party vendors; usage is varied but using vendors to ‘Identify top risk factors’ tops the chart.

Wide-Ranging Views On The Impact Of COVID-19

Please share your views on the impact of the COVID-19 pandemic on the cyber insurance market – Wide-ranging views on the impact of COVID-19

The wide spectrum of answers to this question shows how COVID-19’s impact on cyber remains uncertain. Several expressed concerns, like we are in the “quiet before the storm” and “there are breaches yet to be discovered.” Work-from-home was often cited as likely to increase the exposure/losses as cybercriminals take advantage of the disruption. For example, “Heightened awareness of the risks posed by a largely remote workforce may encourage premium growth, but those same risks will likely drive further losses.” Other respondents felt cyber insurance could fall from the spotlight as organizations wrestle with reduced revenues from COVID-19, but that it would rebound in the long term. Similarly, several noted that their customers “are too busy right now to even talk about it” as they focus on survival, particularly SMEs. One respondent added, “In general, this pandemic will test the cyber culture organizations have (or haven’t) created. Those that have been proactive to considering the multifaceted cyber risk exposures will [be] better prepared to handle the remote demands that are being thrust upon them. Those that haven’t, are more likely to stumble along the way, leading to a great likelihood to experience a breach.

Expert Comment

“2020 has marked a turning point for many in the cyber market. With ransomware losses helping drive increasing attritional loss ratios and growing tail risk concerns, we are encouraged by the market’s actions in this shifting environment. Investments in analytics, clarification of non-affirmative cyber coverage, slowing of coverage expansions, and rate increases will all greatly benefit the industry over the long term. In addition, brokers are continuously bringing new buyers to the market, increasing the diversity of insureds. However, the current changes may not be enough to stem the increasing loss trends the cyber market has faced recently. Many of our clients report projected rate increases in 2021, similar to those seen in 2020. Whether this will be sufficient, bearing in mind that increases are not enough this year to stop creeping loss ratios and that new issues can arise, need consideration.” – Andrew Laing Head of Cyber & Emerging Risks, PartnerRe.