AM Best Warns of ‘Grim’ Future for Cyber Insurers

The increase in cyber losses outstripped rate hikes last year, suggesting "more trouble for 2021 as ransom demands continue to grow."
Matthew HellerJune 7, 2021
AM Best Warns of ‘Grim’ Future for Cyber Insurers

AM Best has added its voice to a chorus of concerns over the cyber insurance market amid a worsening risk environment that has driven loss ratios dramatically higher.

The credit rating agency said in a new report that the prospects for the market are grim and cyber insurers “urgently need to reassess all aspects of their cyber risk” to remain a “viable long-term partner” for organizations seeking protection from hackers.

Direct written premium for cyber insurance rose 22% to $2.7 billion in 2020, reflecting increases in both rates and demand, according to the report. But the loss ratio for cyber insurance jumped to 67.8% from 44.8% in 2019, with 15 of the 20 largest cyber insurers showing increases.

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

“The rate increases for cyber insurance outpaced that of the broader property/casualty industry, but the increase in cyber losses outstripped the rate hikes, which suggests more trouble for 2021 as ransom demands continue to grow,” Sridhar Manyem, director of industry research and analytics for AM Best, said in a news release.

AM Best’s concerns echoed those of the U.S. Government Accountability Office, which in a report issued last month, warned that the continued availability of cyber insurance “remains uncertain.”

Key challenges facing the market include the limited availability of historical loss and cyber event data, limited awareness of cybersecurity risks by businesses, and the risk of aggregate losses from a cyberattack, the GAO said.

AM Best identified the challenges for cyber insurers as rapid growth in exposure without adequate underwriting controls, the growing sophistication of cyber criminals, and the cascading effects of cyber risks.

Hackers appear to have shifted from stealing identities, a risk of loss to third parties, to shutting down systems for ransom, a first-party risk, AM Best said, noting that first-party ransomware claims rose 35% in 2020 and now account for 75% of cyber claims.

“The recent Colonial Pipeline hack — for a multi-million dollar ransom — is an example of first-party claims that have become so prevalent,” said Christopher Graham, an AM Best senior industry analyst.