Doubled pricing, two-year recovery predicted for cyber lines, post-COVID

By David Gambrill | July 13, 2021 | Last updated on October 30, 2024
3 min read
|||
||Photo courtesy of iStock.com/solarseven|iStock.com/muberraturan

Brokers can foresee cyber pricing doubling over the next year — and it could take up to two years after the pandemic is over before the market shows signs of softening again.

“I think the price has to reflect the reality of the risk, and right now the reality of that risk seems to be getting worse by the day,” Nick Kidd, director of business insurance at Mitchell & Whale, told Canadian Underwriter in an interview Monday. “There’s a limited capacity flow coming through, for sure. Getting $5-million limits is tougher than it was. Getting $10 million is almost impossible for a lot of risks, especially ransomware coverage, which is the major challenge.”

Photo courtesy of iStock.com/solarseven

Kidd said he is relieved to hear in his conversations with cyber insurers that they are trying to “maintain coverage where it is.” But that will come at a cost if the product is priced according to the risk, he adds. The question is whether consumers are willing to pay the “true-cost” pricing for cyber insurance.

“I wouldn’t be surprised to see cyber premiums doubling in the next year, at least,” Kidd predicted. “That’s my starting point, to be honest. What may have been a $3,000, or $4,000, or $5,000 policy could easily be $8,000 to $12,000 in the next year.”

The basis for Kidd’s guess is the fact that pricing conditions and terms for cyber were quite favourable until before the pandemic hit in March 2020, when many Canadians started working from home to avoid the spread of the virus.

Canadian Underwriter has heard unconfirmed, anecdotal reports from brokers that cyber insurers during the soft market sometimes reserved up to $300,000 or $400,000 for a cyber loss, and yet policy premiums were priced at between $2,000 and $4,000. But all that has now changed.

Unprofitable loss ratios in cyber lines exceeded 400% in 2021 Q1, according to Canada’s solvency regulator. (That means a cyber insurer is paying out more than $4 for a cyber claim for every $1 of premium they charge.)

That’s due in part to a tsunami of ransomware claims made both before and during COVID, according to Aon Canada’s Insurance Market Report Canada: Mid-year review 2021. Aon’s report says global ransomware claims escalated by 715.8% between 2019 and 2020, with ransom payments 60% higher in 2020 than what they were the year before. Globally, Aon projects cyber damages to be about $20 billion in 2021.

As a result, “capacity in the cyber and privacy liability market is increasing more difficult to access,” Aon reports. “Insureds with subpar control metrics or those operating in higher risk classes of business will find capacity more challenging to access.

“Further, work-from-home strategies, ransomware prevention methods, and the implementation of multifactor authentication are significant deciding features when insurers determine whether or not to deploy their capacity.”

Photo courtesy of iStock.com/muberraturan

Companies operating in business sectors perceived to be at high risk can expect to see higher cyber rates, Aon’s report states. Examples of such organizations include retailers, universities, financial institutions, healthcare providers, municipalities, and ancillary services to these institutions.

Excess carriers in the cyber space are starting to shore up their cyber pricing, as indicated in Aon’s report.

“Starting [in] mid-2020, pressure to increase rates from excess carriers has intensified as rates for primary capacity increased substantially,” Aon states. “Excess carriers are moving their rates to match the underlying layer, addressing historic underpricing. These moves are independent of rate increases arising from loss experience.”

Carriers who may have offered cyber extensions to existing non-cyber policies — kidnap-and-ransom or property policies, for example — are removing those extensions, Aon reports. Plus, any complex technology risks that are looking to purchase combined cyber and technology errors and omissions policies “will also be subject to more stringent underwriting inquiries, higher premiums, and retention pressure.”

Feature photo courtesy of iStock.com/WhataWin

David Gambrill

David Gambrill