Much transpired in the cyber space in 2019 – record General Data Protection Regulation (GDPR) fines, the introduction of new privacy regulations, systemic ransomware claims, debate around the war exclusion and increasing concern surrounding non-affirmative cyber in the underwriting community. Looking toward the remainder of 2020, we see a number of emerging trends that present both potential challenges and opportunities for our clients.
• The cyber insurance market will continue to grow, having finished 2018 with approximately USD 4 billion in global premiums. There are predictions that total global premiums for 2019 will total in the region of USD 4.5 billion. Notional cyber capacity-per-risk exceeds USD 1.8 billion, according to a recent Marsh survey. (6)
• Cyber cover has proved profitable for the industry and new capacity continues to enter the market. Statutory industry direct loss ratios for standalone cyber policies were reported at 34 percent in 2018. (7)
• Despite profitability, pricing for cyber cover is beginning to increase. Marsh reported rate increases of 2.9 percent for all industries through third quarter 2019. Given the catastrophic potential of cyber risk, (re)insurers are looking beyond attritional performance and are assessing long-term pricing adequacy.
• As is always the case with cyber, the threat landscape will continue to evolve, and we have already seen shifts in ransomware attack behaviors. For example, recent Maze and Ryuk attacks have involved threat actors compromising the network well in advance of activating the ransomware attack. The threat actors perform reconnaissance to assess what type of network they have gained access to and then target the attack from there. These attacks are not just ransomware, they now comprise data theft plus ransomware, or credential harvesting plus ransomware.