With increased cyber attacks and data breaches post-pandemic, cyber insurance to protect against the rising digital threats is growing in demand. Cyber insurers can benefit by partnering with service providers to seize opportunities for growth and profitability in this fast-growing market. Read on to learn how.
Cybersecurity continues to be a top priority for enterprises across all industries, primarily driven by increased cyber attacks and data breaches in the wake of COVID-19. Enterprises are increasingly strengthening firm-wide cyber defenses and turning to cyber insurance as a mitigating measure to counter the rising threats in today’s increasingly digitized world.
In particular, the pandemic has accelerated the severity, frequency, and complexity of ransomware attacks. Data from the US Treasury Department’s Financial Crimes Enforcement Network (FinCEN) suggests the total value of suspicious activity reported in ransomware-related incidents during the first six months of 2021 was US$590 million, more than the US$416 million reported for all of 2020. The frequency has also gone up, with 658 ransomware-related suspicious incidents being reported during the first six months of 2021, representing a 30% increase from the total reports filed for 2020.
Costs associated with cyber attacks also are rising. According to the IBM Cost of a Data Breach Report, the average data breach costs rose from US$3.86 million to US$4.24 million in 2021.
All of these factors have led to a substantial increase in cyber insurance pricing across the world. An analysis by Marsh shows US cyber insurance pricing increased 96% year-over-year during the third quarter of 2021, which also represented a 40 percentage point increase from the second quarter of the year.
Image 1: US insurance market pricing change – overall commercial vs cyber insurance segments
US cyber insurance market provides significant growth opportunities
Direct premiums for US-domiciled insurers stood at US$2.75 billion in 2020 – less than 1% of the overall direct written premium in the US property and casualty (P&C) insurance market – reflecting the runaway growth in cyber insurance. This segment has also grown at a decent pace over the last five years, registering a compound annual growth rate (CAGR) of 13.3% during that period.
Standalone cyber insurance policies are gaining prominence and have seen faster adoption than packaged policies sold as add-ons to other insurance products/policies. This can be attributed to enterprises’ need for broader coverage and a better understanding of policy terms and costs.
While most carriers have mainly serviced corporate clients, they are now starting to focus on the retail segment by providing standalone cyber insurance products that have typically been sold as add-ons to homeowners insurance. For example, Chubb recently launched Blink, a new personal cyber protection offering that covers expenses related to identity theft, fraudulent wire transfer, cyberbullying, and ransomware extortion.
Insurers are also offering joint go-to-market (GTM) products to provide comprehensive cyber risk management solutions to enterprises. In 2021, Allianz and Munich Re partnered with Google Cloud to launch a solution for Google Cloud customers that combines the risk-transfer expertise of Allianz and Munich Re with Google’s security capabilities to provide clients tailored coverage.
Advent of insurtechs in the cyber insurance market segment
The insurtech space has recently witnessed increased activity where most newcomers are catering to specific segments like small to medium enterprises. Insurtechs are leveraging their tech capabilities to make the underwriting process more streamlined and automated while incumbents continue to face legacy issues.
However, insurtechs lack the capital resources of their traditional counterparts and hence are forming alliances with traditional insurers to combine their respective capabilities. Some insurtechs are also offering coverage on behalf of incumbents through the Managing General Agent (MGA) model.
- Cowbell Cyber, a full-stack insurer providing cyber coverage to SMEs, raised US$100 million this March to expand its go-to-market channels and increase investments in data science, underwriting, risk engineering, and claims management
- At-Bay, a cyber insurtech MGA, announced a partnership in September 2021 with Microsoft to offer data-driven cyber insurance coverage to Microsoft 365 customers
Challenges for insurers in a hardening cyber market
While cyber insurers have experienced significant top-line growth, profitability remains a major concern as payouts have outstripped premium growth. The increased payouts have led to higher loss ratios. The loss ratio for US cyber insurers increased from a 42% average during 2015-19 to 73% by 2020. Insurers are responding by narrowing the cyber coverage scope and limiting cyber capacity. They also are imposing sublimits for ransomware coverage and adding coinsurance requirements to cyber policies.
Image 2: Insurers narrowing cyber coverage scope and limiting cyber capacity
How can cyber insurers benefit from BPS partnerships?
Partnering with Business Process Services (BPS) providers can help cyber insurers in the following ways:
Providing underwriting talent: As the adoption of cyber insurance grows, it will also lead to higher volumes for carriers. Service providers can provide support by standardizing parts of the underwriting process to enable carriers to handle increased work volumes. This can include deploying straight-through processing by standardizing the intake process and applying rule-based engines for low-premium policies to free up time for underwriters to focus on larger policies. They can also take over non-core pre- and post-underwriting work and help create scalable Centers of Excellence (CoEs) at profitable locations.
Enabling technology: As carriers tighten their underwriting requirements with an increased focus on analyzing enterprises’ history of ransomware incidents and cyber breaches, they will heavily rely on third-party tools and public data sources to evaluate the insureds’ level of risk. This provides an opportunity for service providers to work with carriers to provide such tools and applications to help them assess risks associated with a particular firm.
Ensuring compliance: Amid the ever-evolving cyber threat landscape, governments and regulators across the globe are introducing new cybersecurity-focused legislation. The US Congress passed a new cybersecurity law in March mandating critical infrastructure entities to report cybersecurity incidents and ransomware payments to the relevant authority within 72 and 24 hours, respectively. Service providers can support carriers on various compliance-related matters. While some providers have compliance-specific expertise in licensing and filings, others have dedicated teams for compliance review and obligations. Third-party BPS providers can leverage these resources and work with carriers to ensure compliance.
Partnerships critical to the cyber insurance market’s future
As carriers seek growth in the cyber insurance market, they will need to strike the right balance to also achieve profitability. At the same time, service providers will have to keep up with the evolving market and appropriately build their cyber capabilities.
By working together, carriers and service providers can address some of the current market challenges and capitalize on the opportunities in the cyber insurance space to achieve sustainable growth.
For more information, please read our comprehensive assessment of the players in the P&C Insurance BPS segment, Property and Casualty (P&C) Insurance BPS – Service Provider Landscape with PEAK Matrix Assessment 2022.