The Cyber (re)insurance market has significant potential to grow exponentially over the next decade, with growth bringing market GWP to ca$15bn in 2024 and more than $35bn by 2030. In order to achieve sustainable and profitable growth for all participants, it is now important to maintain a reasonable level of underwriting stability and discipline in terms of pricing, terms and conditions within the market. In this relatively immature class of business, characterised by evolving threats and long tail exposures, it is essential that clients remain confident that the market is poised and able to respond to future events.
Recent history and latest developments
The cyber (re)insurance market experienced its worst performance between 2019 and 2020, caused by significant ransomware losses. Consequently, there has been a major shift in the industry, with customers seeing dramatic rate increases and stricter terms and conditions (T&Cs). Rising awareness for the product has increased the demand and strong underwriting measures have moved the market back into profitability.
Unfortunately, the market tends to forget the lessons learned all too quickly. Both existing players and new entrants seek to grow their market share and take advantage of a more profitable market, thereby putting pressure on rates, terms and conditions.
The recent CrowdStrike incident, a global IT outage caused by a quality control issue at the cybersecurity firm, serves as a pertinent reminder that the industry must remain vigilant. The outage had serious implications for businesses and organisations across the globe. It remains to be seen how claims from this event will impact the cyber (re)insurance market in the long run; however, it will certainly act as another important learning experience for (re)insurers and it will test coverages and wordings. It clearly shows the global interconnectivity of systems and resulting impact across industries, whether malicious or non-malicious, and should raise awareness of ever evolving threats which are characteristic for this class of business.
Evolving threat landscape
Although recent press coverage mainly relates to first party losses, such as business interruption, it is important not to forget the impact of third party exposures, which constitute a different threat given their long-tailed nature.
The cyber (re)insurance industry must be prepared to manage any such evolving threats and build resilience as it continues to grow, thereby offering essential support and coverage to clients, considering their concerns and individual requirements. Only a sustainable and accessible cyber (re)insurance market can guarantee this in the long run.
Building sustainable foundations
While we cannot predict what the next cyber event will be and its impact on the industry, there are measures we can take to ensure that we are in a position to continue supporting our clients, through the cycle for the long term, by ensuring the market remains stable and disciplined.
First and foremost, industry professionals can mitigate risk by adhering to strict underwriting discipline. This involves setting appropriate risk adjusted premiums, as well as outlining clear T&Cs and following them consistently. Maintaining rate adequacy is a priority; without it, the market becomes volatile, weak and unsustainable as losses will begin to erode capital.
At Liberty Mutual Re we take a long-term view. Our mutuality allows our award-winning team to be a consistent partner, putting our customers first and committing to the cyber class for the long term. We are looking closely at our bottom line and remain convinced that strict underwriting discipline will allow for a stronger foundation, so when the next cyber threat / event emerges – and it will - we are better positioned to support our clients and help them deal with the implications.