Cyber buyers looking to reinvest rate savings amid uncertain loss backdrop

By Michael Loney

May 23 - (The Insurer) - Cyber insurance executives are bullish about opportunities in the U.S. market despite persistent rate decreases, and they also report progress on improving the contentious claims-handling process for business interruption losses.

Cyber Risk Insurer spoke to executives at RIMS’ Riskworld conference in Chicago in early May against a backdrop of continued U.S. cyber rate decreases.

Christian Hoffman, global head of specialty and financial products at Aon, highlighted deceleration from the previous double-digit decreases. The broker’s figures show pure cyber rates were down 7% in the first quarter and down 4% including tech E&O.

“It’s still a buyer-friendly market,” Hoffman said. “There's still a lot of competition in the marketplace. We saw a number of new entrants earlier this year in the excess space so there's ample capacity.”

Rachel Lavender, U.S. and Canada cyber brokerage leader at Marsh, highlighted a trend of buyers using the money saved from rate decreases to expand cyber coverage.

“The rate declines have been reinvested, and they're buying more limits in almost every scenario,” she said. “In the first quarter, when we saved our client money they just said, ‘Go get me more limits,’ because they see the risk.”

Lavender said that clients are aware of the elevated ransomware attack environment as well as the higher average ransoms being paid.

“I think what's also fuelling it is that boards of directors are much more attuned to this risk,” she added.

Lavender also pointed to some developments that are “expanding the four corners of the policy” in cyber. These include ILS and parametric cover, as well as large clients in certain industries such as energy looking to include cyber as part of an integrated program.

“Although the rates are still declining at a decelerated rate, I think the markets are beginning to say, ‘OK, it's stabilised, we're not racing to the floor and there's a much more sophisticated buyer out there now understanding how to mitigate and prevent risk through good risk management.’ So I think the underwriters want to be more innovative,” she said.

Debbie Hobbs, head of cyber, tech and media at Miller in London, also highlighted that cyber is still in a soft market.

“We were expecting everything to harden, and that has just not happened,” she said. “We're still getting an influx of capacity into the market, and that just means it's challenging to get the rates hardened in line with where the losses are.

“It’s against a backdrop of seeing loss years continuing to trend upwards for ’23 and ’24 and entering ’25 with high, prolific levels of ransomware.”

GROWTH OPPORTUNITIES DESPITE RATE DECLINES

Carriers are still confident about cyber market opportunities, however.

Richard DePiero, executive vice president, head of Sompo Pro, North America at Sompo, believes that continental Europe and the UK present good growth opportunities for the insurer’s cyber business in the small and middle market segments.

For larger risks, he said that Sompo looks to deploy capacity low on many towers as the losses for this type of business tend to be large.

“The number of large losses that we have seen in the marketplace, whether it be from ransomware or privacy litigation or privacy regulation, continues to show us that large commercial risks are not being priced properly up the tower,” he said.

DePiero continued: “If the primary layer on a policy is being fully exhausted X percent of the time, the first excess is being eroded at about that same rate. However, the first excess is being priced, in some cases, at 70% to 75% and you compound that rate discount as we move up additional layers in the tower.

“So, if you are deploying limit in the middle excess attachments, there is a higher potential of loss than what is being priced for. That may not be a long-term profitable strategy for an insurer.”

Jeff Kulikowski, executive vice president of cyber and professional liability at Westfield Specialty, is also bullish about the market.

“We still see a great avenue for growth in the product despite the slightly declining rate market right now,” he said.

Westfield Specialty entered the cyber market in 2021 when it was launched as a subsidiary of Ohio-based Westfield.

“We really started our book out in the large account space, and we've moved more into the middle market, primary and low excess,” he said.

Kulikowski said that Westfield Specialty is also targeting the SME segment.

“We're really excited about that, and also looking forward to potentially working with third parties in that space too to gain scale,” he said.

Discussing the loss environment, Kulikowski said that business interruption is a big claims trend in the cyber market.

“When it comes to ransomware claims, breach response and cyber extortion payments seem to be the primary topics of discussion, but what we're seeing is that the business interruption losses associated with ransomware events often exceed the amount of the ransom payments,” he said.

“The final value of a BI loss depends on the complexity of an insured's business model and industry that drive what that loss is going to be.”

Kulikowski also said that privacy regulation claims are interesting.

“When (the Biometric Information Privacy Act) came out, it took years for lawsuits to work through the broader U.S. and foreign legal systems but now we're really seeing significant liability and statutory damages, and fighting those aggressively. There are wrongful collection suits as well," he said.

The privacy claims often lead to conversations with insureds about whether they really want to fight them or should look to settle, he said.

SOME PROGRESS ON BI CLAIMS HANDLING

The handling of business interruption claims is a source of friction in the cyber market.

Kulikowski said that the larger losses can have scenarios where once the primary and first excess carriers pay their limits there's five, 10, even 20 additional carriers stacked individually. He said that is also the case in quota share layers containing multiple carriers.

“As an industry, we need to collaborate and agree on a forensic accounting model which benefits everyone (capital providers, distribution partners and the insured) while promoting clarity and expedient service in the claims value chain,” he said.

“The challenge is these are all individual contracts. Carriers and insureds all hire their own forensic accounting provider which leads to different valuation of the total BI loss. This lengthy process causes confusion and delays, creating a scenario where every party is unhappy with the experience."

Kulikowski suggested that the market needs to collectively find a way to improve the process.

"We've been working with select distribution agents and/or brokers on strategies, whether it be agreeing on forensics firms at the outset, or agreeing on a different service model/process around the proof of loss and evaluation,” he said.

“That's a huge focus for us, because we don't want to disincentivise clients from buying this coverage.”

He said that it is still uncommon for the process to be agreed in advance, and that it works better on smaller towers.

“I hope the carriers start to realise, as well as the brokers, that it's in the best interest of the client to try to resolve these issues, because pointing fingers just doesn't satisfy anyone. So we're seeing some progress but it's mostly limited to smaller towers or programs,” he said.

“I hope it becomes more commonplace, because it is currently the number one point of tension between the carriers, brokers and clients on these towers.”

Lavender said that Marsh has been taking steps to try to improve the business interruption claims process.“It's so complicated to adjust one of these business interruption losses, so we're trying to create a better process,” Lavender said. “We've negotiated language with each of the insurers to say, this is how this forensic process is going to work.”

Lavender said that carriers have been receptive to this.

“They want it because they don't want to have another area where their client can be upset with them. There are plenty of other things that go wrong with the claims process where the insurers, in the eyes of the insured, misstep.

“This is an easy area to fix. There are only four or five forensic firms that insurers use anyway. They all know them,” she said.

A number of executives interviewed at Riskworld also raised concerns about supply chain risk.

John Farley, managing director of Gallagher’s cyber liability practice, highlighted several losses last year where key players in the supply chain were attacked and there was a cascading effect where those not directly contracted with that attack victim were hit with losses.

“I think the underwriting community is still grappling with getting their arms around supply chain risk, because you have organisations that have a cyber insurance policy that may be impacted by someone way down the supply chain who's attacked with whom they don't have a relationship,” he said.

Farley added, however, that some of the contingent business interruption losses that emerged were more delayed revenue than truly lost revenue for a lot of insureds.

“So it led to disruption but at the end of the day how much did the cyber insurance carrier have to pay out? It probably wasn't enough to meaningfully impact the cyber insurance markets in terms of rates,” he said.