The insurability of systemic cyber risk will be one of the defining issues of the next decade for the (re)insurance sector. Rapid technological changes and digitalization in particular have already transformed the characteristics of risks assumed by the (re)insurance market. As companies depend more on technology to conduct business, they are also increasingly subject to technology’s unique vulnerabilities. These are wide-ranging and can include system or supply chain disruption or failures, distributed denial of service, hacking and ransomware attacks that may result in increased costs and lost revenue, according to Will Garland, President, Centers of Excellence, and Erica Davis, North America Cyber Center of Excellence Leader, Guy Carpenter.
So how has this environment intensified in 2020 and will it continue even further in 2021?
The Effect of Ransomware
In this heightened exposure environment, ransomware attacks have become especially rampant. Fitch’s Health of the Cyber Insurance Market report notes the direct loss ratio rose to 47 percent in 2019 from the 34 percent level of 2018, with much of this due to ransomware.
The proliferation of ransomware is creating reimagined loss patterns for the sector and blurring the lines between attritional and catastrophic cyber loss. Furthermore, the criminal actors behind this continue to shift behaviors, becoming even more advanced and relentless. According to Crowdstrike, (1) “The most prominent eCrime trend observed so far in 2020 is big game hunting (BGH) actors stealing and leaking victim data in order to force ransom payments and, in some cases, demand two ransoms. Data extortion is not a new tactic for criminal adversaries; however, when BGH operations don’t result in payment, victims now face a double-headed threat of ensuring their data does not make it into the hands of others.”
Ransomware has progressively become a loss trend across the cyber industry, with pricing strategies being recalibrated to account for this growing risk. Guy Carpenter is working closely with our clients to share updates on the threat landscape, deliver cyber industry insights, construct relevant modeling scenarios and design reinsurance placements to protect these portfolios. The industry is also adopting new risk mitigation, pricing and underwriting tactics in order to course-correct from the impact of this expanding cyber risk.
Footnotes:
1. https://www.crowdstrike.com/blog/double-trouble-ransomware-data-leak-extortion-part-1/
