The Cyber Insurance Market Is Speeding Ahead. Are We Risking Whiplash?

By: | July 23, 2023

Stephanie Snyder Frenier is SVP with CAC Specialty’s Professional & Cyber Solutions practice. Stephanie has over 18 years of experience engaging with clients and prospects to develop tailor-made cyber and technology errors & omissions risk transfer solutions, while also supporting marketing and sales strategy.

If today’s top cyber insurance risks were to be seated in a sedan (traveling along the cyber insurance market highway), there would be room for five.

Ransomware attacks would be driving the car, with new state privacy laws riding shotgun. IT supply chain attacks would be taking up space in the back seat, with cyber war along for the ride. Pixel tracking litigation would be squeezed into the middle seat. (Generative AI would be riding secretly in the trunk.)

Despite its occupants, it’s become rather smooth sailing for the cyber sedan. In addition to the improved cybersecurity posture of buyers, market competition has flattened out the road, with double-digit decreases compared to the bumpy uphill climb of the past two years.

Will road conditions continue to improve for cyber insurance buyers or will they cause buyers whiplash for years to come?

The State of the Cyber Market

According to CAC Specialty, over 100 cyber insurance carriers are writing cyber insurance either blended with E&O or as a stand-alone product. Of these 100-plus, roughly 20% are new market entrants within the past two years.

Many of these newer carrier entrants have significant growth goals established during the hard market of 2020-2022. This has created the current environment of competition for both primary and excess layers on programs, which allows brokers to leverage pricing and improve policy terms and conditions.

In addition, retentions are being revised on many programs and sublimits either increased or were eliminated altogether (meaning that full limits are available, whereas they were previously sublimited within the aggregate limit).

This environment of competition has resulted in current rates of flat to -15%, with some programs — which may have been “overcorrected” during the hard market — seeing decreases greater than -30%.

The Cyber Risks

Ransomware attacks are on the rise in 2023, with no signs of slowing down.

According to Howden and NCC Group, global ransomware attacks are up almost 50% in May 2023 versus May 2022. As of this writing, there are 11 states with privacy laws. It is anticipated that state AGs will be interested in flexing these new laws, with the potential for fines and penalties against organizations that run afoul of these regulations.

In 2023, attacks on the IT supply chain have impacted hundreds of companies via the exploited GoAnywere and MOVEit zero-day vulnerabilities.

Cyber war is a risk considered by some carriers to be uninsurable, and new policy language has been introduced by Lloyd’s of London and others to clarify how this risk would be addressed, or excluded, under cyber insurance policies.

Consumer privacy class-action litigation is on the rise related to pixel tracking, using the Video Privacy Protection Act (VPPA) as a basis for pursuing statutory damages.

Last but not least, while the privacy risk associated with generative AI is not generally being contemplated by carriers, it will be something for underwriters to consider as more companies develop their AI strategy.

The Whiplash Concern

Buyers are happy to see their premiums decrease after two years of double- to triple-digit increases. This year has been termed as one of rate “stabilization” as high premiums return to more normalized levels.

However, with increased competition arising out of new market entrants with significant growth goals, the concept of rates “sustainable for the long term” has the potential to go flying out the window.

This dynamic could drive rates back to pre-hard market levels.

At the same time, the number of risks facing organizations from a cybersecurity and privacy standpoint continue to grow and may not be contemplated in today’s underwriting models.

As buyers budget for next year’s renewal, it is hard to know if the cyber sedan will continue to drive quickly downhill only to potentially hit roadblocks, or due to its menacing occupants, have a more perilous and steep climb ahead. &

More from Risk & Insurance