Cyber risk evolution

Guy Carpenter’s Anthony Cordonnier and Erica Davis examine the rapid evolution of the cyber market…

Cyber evolution

Cyber risk is evolving at an explosive rate, creating one of the most dynamic perils in the industry. In turn, (re)insurers are now presented with a breadth of opportunities, challenges and threats.

How we got here

As the economy continues to digitise, the door to the possibility of ransomware attacks opens further, emboldening existing threat-actor groups and attracting new ones. The strong uptick in ransomware attacks from 2019 onwards resulted in a surge in product demand. Meanwhile, the threat landscape has shifted from the monetisation of private information to ransom demands and the disruption of critical infrastructure. Concurrently, penalties for non-compliance of privacy regulations are becoming more costly.

Where are we now

Guy Carpenter estimates 2021 year-end cyber/blended (errors and omissions cyber) premium at $10bn globally, with an expectation that it will reach $20bn by 2025. Cyber risk provides new avenues for insurers looking to explore alternative growth strategies, and this has led to a significant influx of new market entrants.

A maturing market

The industry has acknowledged the need for increased sophistication in underwriting practices. This includes a heightened technical acumen and controls-based approach, as well as reducing limit profiles to help manage overall exposures and year-round policyholder engagements.

Pricing strategies have also shifted, with Marsh US reporting a full-year 2021 rate increase of 79.2 percent. Pricing in the international cyber insurance market has also continued to be challenging. The UK cyber rate of increase reached 68 percent in the second quarter of 2022, significantly moderated compared to 102 percent in the first quarter of 2021, while Continental Europe cyber insurance pricing spiked by 50 percent compared to 80 percent for the same period a year ago.

Reinsurance perspective

Over the last seven years, the cyber insurance market has averaged 30 percent year-on-year growth, with approximately 40 percent of the premium flowing to reinsurers. This increased demand has led to a heightened reliance on existing cyber reinsurance writers and created the need for new capacity, which is driving interest in alternative sources of capital. This dynamic also intensified the use of cyber analytics in reinsurance structure design, as well as igniting the need for alternative risk transfer methods such as cyber industry loss warranties, catastrophe bonds and event covers.

There are a number of actions cedants can take to secure capacity in this competitive environment:

  1. Invest in underwriting technology and cybersecurity offerings;
  2. Develop a risk tolerance strategy that is in line with changing loss vectors;
  3. Implement clear strategies with conviction in data, market landscape forecasts and underwriting acumen;
  4. Optimise available capital by partnering with a specialised cyber reinsurance broker.

Where Guy Carpenter can take you

Guy Carpenter’s global cyber practice provides our clients with industry-leading cyber risk insights, peer benchmarking and superior reinsurance execution. By leveraging our development and implementation of unique proprietary tools, a cross-functional analytics team embedded within the broader Marsh McLennan organisation and our dedicated global cyber broking team, we are able to balance structural innovation with minimised basis risk. This supports our clients in growing their profitability in this emerging risk arena.

Anthony Cordonnier is Global Co-Head of Cyber in London at Guy Carpenter

Erica Davis is Global Co-Head of Cyber in New York at Guy Carpenter