GB Cyber Insurance Update: Q1 2022

Executive summary

The GB cyber insurance market has continued to follow the trends that first emerged in 2021. In addition, the challenges presented by the Russia/Ukraine conflict have brought policy coverage into greater focus.

In particular:

Q1 2022 placements experiencing further hardening
Capacity remaining a key topic – reductions but also some new capacity
Continued premium increases, exacerbated in excess layers
Insurer focus on sustainable policy retentions/excesses
Policy coverage increasingly under review
Acute focus on war and terrorism exclusionary language
More detailed underwriting information required

This update is a general overview of these key developments, analysing the current conditions in the GB Cyber insurance market for both international and domestic companies. The analysis is based on our own observations of the market and uses WTW proprietary data unless otherwise stated.

Cyber Resiliency is delivered across 3 stages of: assessment, Quantifying and protecting.

Cyber insurance market capacity

Several insurers continued to reduce their capacity and/or tighten their underwriting requirements to manage their exposure and avoid the risk of aggregation of losses from one widespread incident. As such, securing capacity within the first USD/GBP/EUR50m of capacity continued to be challenging, albeit competition for such attachments continues to increase.

Insurers were increasingly willing to only offer capacity for risks fitting squarely within their appetite in terms of the quality of cyber security controls, with the perceived adequacy of the same being key to the appetite of insurers.

Some insurers are exercising additional caution before offering new business capacity to accounts that could be considered at increased risk from the Russia/Ukraine conflict, such as telecommunications, financial institutions and critical national infrastructure.

Premiums & self-insured retentions

50-100%

Rate and premium increases of more than 50-100% on the primary layer were not uncommon in Q1

Premium increases also followed on excess layers with percentages exceeding those for the primary layer. This reduced the premium discount on those excess layers compared to the primary.

Insurers remain focused on self-insured retentions being set at a level they deem adequate for the scale of the account in question. This has resulted in many accounts renewing in Q1 2022 experiencing a self-insured retention increase in-line with accounts in H2 2021 (i.e. often in excess of 100%).

Policy coverage

Insurers remain very focused on systemic risk. Many are considering how they will manage this. One major global insurer has already implemented a sub-limit approach for systemic loss events. Further developments in this space are expected during 2022.

The conflict in Ukraine has led to an acceleration by insurers in reviewing their approach to war exclusionary language, which has a very close link to systemic risk. During Q1, insurers’ approach to the war exclusion fell into the following categories:

Sticking with the N.M.A. 464 War and Civil War Exclusion Clause – with various amendments / cyber terrorism cover ‘carved-back’
Drafting an updated exclusion based (to some extent) on N.M.A. 464 or drafting a new exclusion all together
Considering using one of the four model clauses proposed by the Lloyds Market Association LMA)

Insurers continue to utilise ransomware coinsurance and/or sub-limits where they are not satisfied that a client’s security meets the insurer(s) own minimum standards, with some not willing to consider offering cyber coverage if their standards are not met. Insurers’ views on minimum controls have increasingly varied levels of flexibility, giving clients the opportunity to advocate for their approach with the support of their broker

Claims & notifications

The ransomware pandemic (as coined by AGCS)¹. is still with us at this juncture, with 44% of respondents to their Risk Barometer 2022 citing cyber incidents as their biggest concern².

However, in slightly more positive news Coveware in their recently released Q4 2021³. ransomware update, called out the cyber insurance renewal process is one of the four positive developments aggregating pressure on the rise of ransomware attacks, resulting in the attacks being more costly to execute.

Coveware also commented that:

1k - 10k

The average ransom payment for companies with between 1000 to 10,000 employees was well north of one million dollars.

84%

of ransomware attacks included data exfiltration

20days

The average case duration of a ransomware attack was 20 days in Q4 2021

The continuing trend of data exfiltration is a key consideration with a ransomware event then impacting both a client’s business operations (incident response, recovery, first party business interruption & ransom payment) but also its liabilities to the data subjects and any relevant regulators.

Cyber hygiene – control adequacy

What can clients do to be market ready?

Preparing for your renewal

Ensure key stakeholders (for example board and CISO) are briefed on likely renewal challenges, including increased self-insured risk retention.
Consider the bigger picture, what is the defining renewal priority to guide strategy
Allow plenty of time to collate renewal information & to review/refine this with the help of your cyber brokers
Working with your brokers, ensure insurers receive necessary context to frame your cyber underwriting information
Consider cross class leverage with key insurer partners
Be self-aware in your navigation of the cyber market, demonstrating desire to partner with insurers

Insurers are increasingly requiring clients to make written cyber submissions in addition to presentation meetings. They also require clients to have minimum cyber security controls in place before offering renewal or new capacity. In Q1 2022 two major cyber insurers have already updated their ransomware questionnaires to include a significant number of additional questions, which the insurers in question state the aim of its to reduce the number of follow up questions clients regularly receive in response to their initial written & oral renewal/new business submissions.

Footnotes

¹ https://www.agcs.allianz.com/news-and-insights/news/cyber-risk-trends-2021-press.html

² https://www.agcs.allianz.com/news-and-insights/news/cyber-risk-trends-2021-press.html

³ https://www.coveware.com/blog/2022/2/2/law-enforcement-pressure-forces-ransomware-groupsto-refine-tactics-in-q4-2021

Disclaimer

Willis Towers Watson offers insurance-related services through its appropriately licensed and authorized companies in each country in which Willis Towers Watson operates. For further authorization and regulatory details about our Willis Towers Watson legal entities, operating in your country, please refer to our Willis Towers Watson website. It is a regulatory requirement for us to consider our local licensing requirements.

Author

Simon Basham

Head of Cyber & TMT Broking (UK) FINEX GB

email Email phone +44 7795 855 925

Contacts

Martin Berry

Director
FINEX GB - Cyber & TMT

email Email phone +44 1473 223726

Dean Chapman

(Cyber Risk) Lead Consultant, GB Cyber Risk Solutions

email Email phone +44 7920 211779

Matt Ellis BSc (Hons), MSc

Director - FINEX GB - Cyber & TMT

email Email phone +44 20 3124 6611

Adrian Ruiz