Global cyber risk insurance premium rates have been decreasing, leaving insurers in the space looking at risk pricing, underwriting and the frequency of claims as areas to address.
"Rates continue to be under pressure, overall and in all revenue bands – SME, middle market and large accounts – but they have been leveling out for the past few quarters," said Jeff Kulikowski, EVP, Cyber & Professional Liability, Westfield Specialty, who spoke as part of an April 17 panel hosted by Insurtech Insights. "The reason behind the rate decrease is new capacity and expanded risk appetite amongst carriers is driving rates downward."
Steven Schwartz, chief insurance officer, Safe, thinks the rates have hit a plateau. "Within the next year, we'll start to see rates increase, or at least get more validation that we are pricing the risk more effectively," he said.
Overall, cyber risk premiums grew 32% annually from 2017 to 2022, but did not grow as fast in 2023 and 2024 as rates were reduced, according to
New insurers, in the form of MGAs, have joined the cyber risk insurance space, because it has a lot of room for growth, according to Connor Brennan, a vice president at Arch Insurance Group specializing in cyber insurance. These new insurers, including Coalition, Cowbell, At-Bay and Corvus, are challenging major P&C carriers that had cyber insurance offerings for a while.
Cyber risk insurance MGAs tend to focus more on distribution technology, according to Schwartz. "When you change the way you look at things, things you look at change," he said. "I'm seeing a few different underwriting methods and how that data is being captured with some of the newer SMB MGAs. It's also what we need to learn and bring back to the traditional, larger incumbents."
While insurers have had a greater appetite for cyber risk, volatility in cyber risk claims seems to be returning, according to Kulikowski. Middle-market claims caused concern from 2019 through 2022, he explained, because of a rise in ransomware events. Now the concern is with large policyholders' claims, Kulikowski said.
Arch Insurance's Brennan cautioned that more discipline is needed in what insurers are underwriting and brokers are providing.
Increases in claims are being driven by ransomware as well as business interruption and third-party risks, according to Schwartz. Policyholders' use of third parties complicates claims handling, Kulikowski noted.
"What happens if that vendor fails? What is your resiliency like? Do you have a backup internally? Is there a manual way to do things?" he said. "We're having to dig very deep into these kinds of dependency claims, because we've just seen that ripple effect. These aren't traditionally ransomware generated, either. It could be system failure generated."
