Fitch: Cyber insurance profits strong, premiums slow
Insurers now issue stricter policy language and insert more sub-limits and exclusions into cyber coverage.
While the cyber insurance market in the United States performed well for the second straight year in 2023, premium volume waned, according to new research from Fitch Ratings.
“Favorable cyber underwriting results are partly due to prior large increases in premium rates,” the agency said in a statement about its cyber market research based on carrier financial statements. “Insurers are also being more careful in cyber risk selection and the underwriting process.”
Standalone cyber coverage experienced loss and defense and cost containment (DCC) expenses ratio that held relatively steady at 44% in 2023 versus 43% in 2022, Fitch said.
Analysts noted that cyber carriers increasingly insist that policyholders “maintain proper cyber hygiene and risk management practices before agreeing to insure them. Additionally, insurers are tightening policy language to more strictly define terms, with more frequent insertion of sub-limits and exclusions.”
The total number of common cybersecurity vulnerabilities and exposures (CVEs) is expected to increase by 25% in 2024 to 34,888 vulnerabilities, or roughly 2,900 per month, Coalition reported earlier this year in its Cyber Threat Index 2024.
“In today’s cybersecurity climate, organizations can’t be expected to manage all of the vulnerabilities on their own,” Coalition Head of Research Tiago Henriques said in a press release about the carrier’s Cyber Threat Index 2024. “They need someone to manage these security concerns and help them prioritize remediation.”
Fitch reported that U.S. statutory direct written premiums for cyber coverage in standalone and package policies declined 2% in 2023: “This represents a sharp drop off from market growth of approximately 200% from 2020 to 2022.”
Stand-alone cyber coverage sales reportedly declined by 3% in 2023 to $4.9 billion.
“Carriers will face ongoing challenges to maintain underwriting discipline as market competition intensifies and adapt to an evolving claims environment that is heavily influenced by technological change,” Fitch said. “Cyber loss risk is also heightened by expansion of regulatory and compliance requirements, including recent SEC cyber risk management disclosures for public companies, that increase potential for litigation risks and substantial fines and penalties for not properly disclosing data breaches.”
What’s more: “Catastrophe exposure from cyber risks is another significant source of uncertainty in terms of the nature, likelihood and cost of the most severe cyber event.”
See also: