All cyber insurance claims made by Airmic members relate to ransomware

Of the Airmic members who buy cyber insurance and have had a claim, all claims relate to a ransomware attack and all claims have been met, according to the latest Pulse Survey on insurance market conditions from UK risk management association Airmic.

Other key findings include the fact that employee education and email defences are the most likely cyber risk controls. Data breach advisors and security advisors are by a significant margin the most likely first points of contact following a cyber incident.

Premium rates for cyber are rising and increases of +400 percent have been seen for the first time in these surveys. Cyber risks are the most likely new risks to be financed by captives.

While the market is still perceived as “harsh”, there are green shoots of improvement emerging in market conditions.

Previous Insurance Market Pulse Surveys from Airmic have focused on renewals and claims (January 2021) and the directors’ and officers’ liability market (September 2020).

The latest survey’s cyber risk focus comes in the context of a well-documented rise in online security threats in 2020 and 2021, putting ever greater onus on cyber risk and financial risk transfer.

Organisations adjusted at short notice to remote working during the pandemic, accelerating the longer term trend towards digital transformation - but new ways of working have created more cyber risk touch points and new risks, resulting in opportunities for cyber criminals to exploit.

The proliferation of ransomware attacks in particular has transformed the risk of data breach, through accessing sensitive information then held to ransom.

For commercial insurance buyers, there is a perception that the cyber insurance market is still developing. Roughly half of respondents buy cyber insurance (53 percent yes, against 47 percent no).

Respondents are broadly happy with claims, which are being paid efficiently. The claims experience was rated “very satisfactory” by 74 percent, although only 13 percent said they had made a claim in the past 12 months.

However, insurance buyers fear the cyber insurance market lacks adequate data, skills and knowledge to adequately to underwrite cyber cover effectively.

Data breach and security advisers were ranked the first organisations to consult after a breach – ahead of insurers or brokers. Added to which, the insurance market is still struggling to understand its silent cyber exposure – i.e. cyber risk that is neither expressly covered nor excluded in covers. There is lack of confidence about how the insurance market will respond if – or more likely when – a systemic cyber event should occur.

The market is still perceived as “hard” by an overwhelming majority of respondents (91.7 percent, the remainder neutral), in the sense that supply of capacity is still at least matched by demand, and prices are seen as robust and in some cases still rising (50 percent thought the market was deteriorating).

However, there are green shoots of improvement emerging in market conditions. A number of members report an easing back of premium rate increases and cover limitations.

While challenges remain for large commercial buyers seeking programme capacity, the outlook into 2022 looks – albeit cautiously – somewhat more positive. Respondents were split in their view on the market next year (38 percent expecting a deterioration; 29 percent expecting an improvement; and 33 percent expecting it to remain consistent).

A majority of respondents (69 percent) reported that their organisation had at least one insurance captive in operation. However, few respondents said their organisations were contemplating setting up captive if they did not already have one (just 17 percent).

Julia Graham, CEO, Airmic, commented: “Will spring bring continued growth in the green shoots we are seeing? We not only see premium and cover green shoots, but a genuine effort from the Market in building or rebuilding relationship bridges with our members. This overall scenario gives us some optimism for a better 2022.

“This said, the market needs to energise its efforts to keep up with the opportunities available through technology and be conscious of more sophisticated use of analysis of data, and new risk financing models and mechanisms creeping up on out-of-date solutions with some internally-focussed practices. Our members work with organisations which are harnessing technology, and the Market needs to avoid falling behind them.”

Did you get value from this story? Sign up to our free daily newsletters and get stories like this sent straight to your inbox.