As demand for cyber insurance continues to grow, insurers must remain vigilant in managing the changing risk associated with the line of coverage.
According to today’s DBRS Morningstar’s commentary on the exploding line of coverage, while cyber insurance is a market opportunity for insurers, it also presents a different type of risk to manage—one that can be more difficult to value and price than most other insurance risks.
With artificial intelligence, cyber attacks will continue to evolve, meaning insurers will need to monitor and manage the risks accordingly.
“The challenge arises in part due to the relative lack of comprehensive and credible data given the evolving nature of cyber crime, its potentially catastrophic nature as well as the high level of technical expertise necessary to correctly value this risk,” the report cites.
These challenges can be handled with “appropriate policy terms and conditions and risk management measures that are effective in managing the volatility of the loss ratio and the containment of cyber-related losses are critical determinants in an insurers’ ability to manage underwriting cyber risk exposures.”
Reinsurance can assist in mitigating unexpected large losses, the commentary noted, though the limited availability and cost could limit an insurer’s ability to increase its cyber market share.
As the line matures, it is expected that insurers offering the coverage will benefit from a revenue source with continual high demand and more stable profits. The latter will arise as a result of better claims experience data accrual, leading to more accurate pricing and stable loss ratios.
While loss ratios rose considerably between 2018 and 2020, improvements were seen in 2021 and are expected to continue in 2022.
The authors of the commentary, Komal Rizvi, vice president, Insurance, Global Financial Institutions Group, and Marcos Alvarez SVP and global head, Insurance, Global Financial Institutions Group, expect more refined cyber coverage offerings, the result of a maturing market as well as a better understanding of claims drivers. Cyber policy evolution will occur more quickly than in other lines, mainly due to the evolving nature of cyber attacks.
Even so, there is the risk of constrained growth, given the high demand for cyber insurance coupled with a large cyber protection gap, the commentary noted.
“Cyber risk can be vulnerable to mispricing given that losses can fluctuate widely and, in some cases, can be extremely high. The losses can be difficult to model and quantify given the wide scope of loss events involved, including the costs of reputational damage, compensation to any victims of the cyber attack, business interruption costs and ransomware demands, to name a few,” the report outlined.
Because cyber coverage offers insurers a source of income that isn’t correlated to catastrophic weather events, this could be beneficial to insurers that might have a substantial proportion of their business in the property insurance market.
Another benefit to insurers is the ability to offer ancillary services to cyber insurance customers, such as “access to professional advice, assessment of cybersecurity processes and procedures currently in place, and assistance in containing damage and preventing further fallout once a breach occurs.”
These services could be crucial to small to midsize businesses that do not have the ability to source these services on their own.
One caveat remains: the potential for systematic, widespread losses in digital supply chains. This can be remedied, according to the report, by adequate diversification in the risk pool.
Mitigating risk through reinsurance, along with policy language clarity and a disciplined underwriting process, will be key to managing tail risk.