S&P: U.S. Insurers Cautious to Respond to Soaring Cyber Demand
Standard & Poor’s predicts a major jump in demand for cyber insurance in the coming years, with interest initially outstripping supply. U.S. insurers will respond gradually, however, entering the market with caution, allowing for breathing room to develop knowledge and experience about the fast-evolving risk, the rating entity found in a new report.
Insurers remain hesitant to embrace cyber risk quickly because it is “fast moving, impossible to predict, and difficult to understand and model, but change can be immense,” S&P noted.
Another concern: aggregation risk and clash with other policies.
S&P outlined these and other insurance-related cyber trends/concerns in its newly-released report: “Looking Before They Leap: U.S. Insurers Dip Their Toes In The Cyber-Risk Pool.”
The report says cyber insurance demand will grow “as management teams utilize both offensive and defensive capabilities,” and perception of cyber risk and its financial costs grows due to increasing media coverage.
Attacks will increase in both frequency and sophistication as losses grow. Lloyd’s estimates that there are around $400 billion in annual losses due to cyber hackings, only a small number are insured, S&P said.
With that in mind, cyber insurance is gaining more promotion and regulators are encouraging companies to buy it to help manage their risks and minimize the cost of a breach. Cyber breaches can damage an organization’s reputation, and that could spur the growth of the cyber market. More regulations passed in response to hackings should also trigger interest in cyber coverage, according to the report.
“Cyber insurance is a sellers’ market, unlike more developed/traditional business lines,” S&P said. However, insurers aren’t exactly jumping in “with both feet” for a number of reasons.
“Due to the changing nature of technology and hacking strategies, insurers don’t have an accurate loss history,” S&P noted. “Whereas traditional liability products may use revenue and industry as particularly important drivers of risk assessment, it is much more difficult to determine a company’s ability to defend itself from a very determined hacker.”
S&P said it expects cyber insurance capacity to increase as experience in the sector grows.