Growth in the U.S. cyber insurance market continues to slow, with 2019 marking the fourth consecutive year in which premiums grew less than in the prior year, says a new report from AM Best. At the same time, the number of claims has doubled and awareness of the risk continues to increase.
Direct premiums written in the admitted U.S. cyber insurance market increased 10.9 percent in 2019 to $2.25 billion—a marked difference from 2016-2017, when DPW grew by more than 30 percent annually.
Chubb INA Group once again led the pack of top cyber insurers, with DPW of $356.9 million in 2019, followed by XL Reinsurance America Group ($229.7 million) and American International Group ($225.8 million).
Standalone cyber grew at double the rate of packaged cyber policies: Standalone policy premiums were up 14 percent in 2019 to $1.26 billion, while packaged cyber premiums grew 7 percent for the year, coming in at $988 million. AM Best says the focus on standalone policies is likely due to companies’ “escalating concerns about cyber risk and their strategic choice to purchase policies solely for cyber risk protection.”
When it comes to policies in force, Hartford continues to far outpace the competition, with more than double the policies of second-place The Cincinnati Insurance Companies (542,700 vs. 226,900).
A Changing Risk Landscape
The number of cyber claims has doubled over the last three years, growing from 9,000 in 2017 to 18,000 in 2019. AM Best warns that “claims are growing exponentially, which will be an issue if prices cannot keep up with rising frequency.”
Insurers are still battling the claims resulting from 2017’s NotPetya, and hackers continue to find new vectors of attack.
Ransomware continues to be a problem, AM Best says, with many criminals targeting the financial services and healthcare industries, as well as municipalities. According to CoveWare, the average ransom payment increased to $84,116 in fourth-quarter 2019, up 104 percent from $41,198 in the third quarter. Demands for ransom can vary wildly, ranging from around $1,500 up to millions of dollars.
Hackers are also taking advantage of the global pandemic, pretending to be from the World Health Organization (WHO) or the Centers for Disease Control (CDC) and spoofing contact numbers to solicit donations for fake funds, while others are exploiting the vulnerabilities of companies forced to make an unplanned transition to remote working.
For more information, see the full AM Best report: “Cyber Insurance: Profitability Less Certain as New Risks Emerge”