U.S. Cyber Market Grew 32% in 2017 But Most Small-Medium Firms Opted Out: A.M. Best

May 21, 2018

The U.S. market for cyber insurance grew significantly in 2017, as direct premiums written rose nearly 32 percent year over year to $1.8 billion, and policies in force jumped 24 percent to 2.6 million, according to an A.M. Best special report.

However, despite the growth, the cyber insurance take-up rate remains low, particularly among small to medium-sized enterprises.

The new Best’s Special Report, “Cyber Insurance Market Sees Steady Growth but Still Awaiting a Real Growth Spurt,” states that the cyber insurance market represents a meaningful growth opportunity for insurers, given that the take-up rate for small to medium-sized companies remains in the low teens. These companies generally remain complacent about their exposure to cyber-related events, such as data breaches and system failures, and underestimate the potential for business interruption, A.M. Best says.

On the other hand, national accounts and Fortune 500 companies, particularly companies at greater risk such as financial institutions and health care companies, are increasing cyber coverage, according to the rating agency.

In 2017, cyber packaged policies in force increased 28 percent for the U.S. property/casualty industry (excluding non-U.S. and alien surplus lines insurers that do not have to file), following a year when standalone cyber insurance policies grew significantly. A.M. Best believes the rise in packaged policies is partly due to the addition of affirmative cyber coverage (i.e., when perils are explicitly included or excluded) to commercial policies, as well as insurers reclassifying policies for financial reporting purposes. Standalone policies in this population declined 32 percent in 2017, as businesses likely migrated to less expensive packaged policies.

The total number of cyber claims increased in 2017 to 9,017 from 5,955 in 2016, with packaged policies constituting 56.3 percent of the claims and standalone policies making up the remaining 43.7 percent.

U.S. Cyber Market Is $2 Billion, Growing Fast, Profitable: Fitch

According to A.M. Best’s report, a lack of historical experience and tested cyber exposure models continue to foster uncertainty of underwriting cyber insurance. Insurers vary significantly in their cyber pricing sophistication, with some using simplistic pricing based on expected losses, while others have much more sophisticated algorithms.

Although a systemic event remains the top threat for cyber insurers, underpricing from new market entrants also should remain a concern, the report warns.

“At this point, underwriting and pricing are driven more by market forces than by loss experience and models,” said Bobby Skrabal, an A.M. Best industry analyst. “As insurers develop more experience they’ll improve their pricing models, but due to the constantly changing nature of cyber threats, pricing will most likely continue to rely on the judgment of underwriters.”

Chubb INA Group was the top cyber insurer in 2017, rising past American International Group and XL CatlinAmerica Group, with $284.4 million in cyber direct premiums written, the majority of which were for packaged policies; and

For a third-straight year, Hartford Insurance Group held the most cyber policies in force at year-end, with more than half a million.

Although the premium and policy increases in 2017 are material, A.M. Best believes they do very little to close the protection gap. A.M. Best expects that demand for cyber insurance will continue to grow and capacity, which is currently ample, is likely to increase over the next few years, as the line’s current reported profitability should attract new market entrants.

The authors of the report issued a caution to insurers in the market.

“Cyber events are difficult to see predict or detect — companies may not even be aware that an event has taken place — and once one has occurred, it is difficult to ascertain how far and wide they will spread,” said Fred Eslami, an associate director. “They are becoming increasingly more frequent and more severe, and as insurers expand their cyber offerings, they will need to be prudent in exercising appropriate risk management and mitigation measures to ensure that these exposures remain aligned with the company’s stated goals and objectives.”

Related: