“We can’t leave insureds under-protected on cyber” as industry works through systemic risk potential

As the hard commercial insurance market continues, it is presenting significant issues where cyber is concerned. 

Significant rate increases have come about as the market has reacted to an increase in the frequency and severity of claims, partly fuelled by the ransomware epidemic and as a result of the market’s growth and expansion.

“Let’s face it - we are in front of a crime industrialisation pattern,” said Xavier Veyry, CEO Asia & Europe, AXA XL. “With cyber it happens at scale, it’s remote and it can be industrialised. It’s a very different scenario than we have ever had to deal with before.”

“One issue is that we do not properly understand what we and our customers are exposed to. We have to have a clear identification of the risk, understand what we want to cover and then design the right products which include prevention and solutions.”

The industry needs to get a handle on the systemic risk potential before the right solutions can be found, according to Henning Haagen, board member and chief regions and markets officers at AGCS.

“We have seen a massive rise in ransomware attacks over the past 12 months,” he said. “From a carrier’s perspective we need to understand the aggregation risk potential so we are not looking back retrospectively.”

“With the pandemic we saw a huge aggregation on the loss side, and nobody saw that coming. We should not be in the same situation for cyber,” he added.

Cyber rates continue to rise

Cyber insurance pricing increased by 56% in the US in the second quarter of 2021, and by 35% in the UK (up from 29% in Q1) with sizable increases also seen across Continental Europe, according to Marsh.

“As the industry comes to term with the potential aggregation risk, it is important to ensure clients are not left exposed, as a result of rising prices and shrinking capacity, according to Paul Knowles, head of Marsh Specialty, Continental Europe.

“We don’t want to get to a situation where we leave clients under-protected due to knee-jerk reactions,” he said.

There are reputational implications to consider, he added.

“Look at the insurance industry’s response to the pandemic - we didn’t quite become the banking industry of the Global Financial Crisis - but if you look at the stories in the press, there were moments where we did not come out in a good light.”

“It’s important to remember that insurers play an important role in underpinning economies and communities.”

Risk and insurance managers are resigned to absorbing more of their cyber risk internally, acknowledged Mario Ramirez Ortuzar, risk and assets manager, Exolum.

“I am very worried about the new risks we are facing,” he said. “Pandemic is something insurers cannot deal with alone… and the other big hole is the cyber risk.”

“In the future, it’s going to be very difficult for the insurance market to deal with this risk, so we need to look internally for other solutions. In several years the risk will be so huge, the industry won’t be able to deal with it.”