Price rises for cyber insurance in the London market will likely slow down in 2022, but brokers expect rates to remain high and coverage difficult to find.

The market saw sharp rate rises at the end of 2021 triggered in part by a wave of ransomware claims, which pushed some loss ratios above 100% and put an increased focus on risk management.

"[But] we're seeing some positive outlooks from the market from a loss ratio standpoint and the fact that we're seeing a kind of plateau of claims," Brian Warszona, U.K. cyber deputy practice leader at Marsh LLC, said in an interview on the sidelines of Airmic Conference 2022, the U.K. risk management association's annual conference.

While claims numbers in 2021 were still high compared with the years before 2020, they have stayed static as more buyers have come into the market. So, the ratio of buyers to claims "is trending in the right direction," Warszona said. The market is also not seeing the same level of claims severity it did at the beginning of 2021, when claims settlements from 2020 and earlier years had spilled over.

Marsh expects "some flattening of pricing" in the London market in the third quarter of 2022 following increases of 109% in the fourth quarter of 2021, the broker said in a June 2022 report on U.K. cyber insurance trends. Some policyholders had increases in excess of 300%, the report said.

New entrants

There are also signs that insurers are warming to the cyber market again as conditions improve. In 2021, many insurers cut the coverage limits on policies in half, Warszona said. However, there have also been some new players entering the market, and those backing cyber underwriters and managing general agents, or MGAs, "are actually getting more involved because they see it as a profitable industry now versus last year," Warszona said.

The amount of new capacity "is not groundbreaking, but it is helping with competition," Warszona said.

Probitas Managing Agency's Syndicate 1492, for example, is planning to launch its cyber insurance offering on July 1, following the appointment of Richard Taylor as head of cyber and technology earlier this year. Cyber will be the syndicate's first new business line since its launch in 2015, according to its website. The syndicate will be offering capacity of $5 million or €5 million per risk and looking to cover more complex clients from the higher end of the small and medium-sized enterprise market upwards, Taylor said in an interview.

Resilience, a cyber-focused MGA based in the U.S., also plans to start writing in the Lloyd's market but has not yet announced the timing. The company said in January that it had been approved as a Lloyd's coverholder.

The insurance industry has done a good job on more detailed underwriting, looking at insured companies' risk controls and recapitalizing, after a wave of ransomware claims. So, "it would make sense that the market will not look for a 100% rate increase, as it did last year," Taylor said.

Others see an end to price increases but are less specific about when the change will come. "We would expect rates to continue to strengthen for a while but not indefinitely," Piers Tuggey, regional product leader of cyber and technology, media and telecommunications for UK & Lloyd's at Axa XL, said in an interview at the Airmic conference.

Insurers have been increasing prices to ensure the market is sustainable, Tuggey said, and new players will be tempted in if they see that it is. "An increase in capacity is effectively an endorsement of the market, and that's what we're trying to get to. That actually will ultimately benefit clients in the long term."

There have been a few new entrants into the market "but not a flood," Tuggey said.

Cyber insurance market poses challenges for buyers

Despite signs of price increases easing in future, the cyber insurance market remains challenging for buyers because of the cost of cover and the more restrictive terms insurers have introduced to combat the wave of ransomware claims. "Cyber is really, really tough," Mark Rubidge, a director in the major risk practice at Arthur J. Gallagher & Co.'s U.K.-based international division, said in an interview at the Airmic conference.

Part of the solution is for companies to ensure the appropriate cyber security measures are in place before approaching insurers for cover. "If you haven't got the right controls in place and you go to market on a proposal form, you are just going to get a load of no-quotes — it is a pointless exercise," Rubidge said.

Marsh has been working with clients since the last renewal to improve their cyberrisk controls, Warszona said, which has helped insurers get comfortable with the risk but also improved companies' risk profiles.

Even though cyber insurance prices may soon ease, they could jump again when the next loss trend arrives. "The changing threat environment of cyber will see ... an element of volatility going forwards ad infinitum," Tuggey said.

One looming threat is cyberattacks spilling over from the Russia-Ukraine war. So far, attacks outside Ukraine have not been as bad as feared. "We are actually seeing a downward trend in cyberattacks coming from Russia at this point," Warszona said. However, he added, there is the potential for retaliatory cyberattacks against those countries that have supported Ukraine. "We are more concerned about what is going to happen in the future than right now," he said.