Cyber Prices Drop, While Demand, Supply, Awareness Continue to Grow: Marsh

May 20, 2019

The message about the need to take cyber risk and insurance seriously is getting through to companies and boardrooms.

“As risk awareness has grown, more organizations, particularly those focused on their business interruption risk, are turning to the cyber insurance market for protection,” according to Tom Reagan, U.S. Cyber Practice Leader for global insurance broker Marsh.

In a new report on the cyber market, More Cyber Insurance Buyers as Awareness Grows, Marsh noted that cyber insurance pricing is competitive; average pricing for cyber insurance coverage fell by 0.6% in fourth quarter 2018. Insurers also continue to provide more coverage in exchange for premium, although this trend may not continue indefinitely.

The estimated cyber insurance market increased to $1.8 billion in 2018, three times what it was in 2015, the report says.

Reagan said Marsh’s experience shows that the overall number of U.S. purchasers has doubled over the past five years, while policy limits for existing buyers are also growing “as the economic impact of cyber events becomes increasingly clear.”

This client demand is being matched by “strong carrier appetite” for cyber risk, which Marsh expects to result in stable pricing and expanding coverage for 2019.

Some findings from the Marsh report:

  • Over the past five years, the number of all Marsh U.S. clients buying cyber insurance has doubled to 38% in 2018 from 19% in 2014. That expansion is evidenced across all key industries, which saw an average standalone cyber insurance purchase growth rate of 15% since 2016.
  • In 2018, cyber insurance purchases grew the most among hospitality and gaming (67%) and education (34%) organizations.
  • Cyber policy limits grew in 2018, with average limits purchased by all companies rising 11% to $20.9 million.
  • Among companies with more than $1 billion in revenues, average limits purchased increased by more than 25% in 2018, to $62.4 million.

According to the report, the leading buyers of cyber insurance in 2018 were organizations in industries that make significant use of personally identifiable information (PII) and protected health information (PHI), primary sources of cyber risk for businesses. They include the education and healthcare industries, followed by hospitality and gaming.

Other industries also have begun purchasing cyber as insurers have indicated they are no longer willing to provide coverage for business interruption caused by network intrusions.

“Those losses are increasingly expected to be covered under cyber policies, which have expanded to respond to a wide variety of potential risks while still being competitively priced,” the Marsh analysis notes.

Another key factor in the message getting through: the damage done by 2017 WannaCry and notPetya malware attacks, along with more recent ransomware incidents.

These have “made clear that cyber threats have evolved from data breach and theft to now include business interruption and supply chain disruption” and more organizations including manufacturers, power and utilities companies are now purchasing cyber insurance.