Executive summary
The GB cyber insurance market has continued to follow the trends that first emerged in 2021. In addition, the challenges presented by the Russia/Ukraine conflict have brought policy coverage into greater focus.
In particular:
- Q1 2022 placements experiencing further hardening
- Capacity remaining a key topic – reductions but also some new capacity
- Continued premium increases, exacerbated in excess layers
- Insurer focus on sustainable policy retentions/excesses
- Policy coverage increasingly under review
- Acute focus on war and terrorism exclusionary language
- More detailed underwriting information required
This update is a general overview of these key developments, analysing the current conditions in the GB Cyber insurance market for both international and domestic companies. The analysis is based on our own observations of the market and uses WTW proprietary data unless otherwise stated.
Cyber insurance market capacity
Several insurers continued to reduce their capacity and/or tighten their underwriting requirements to manage their exposure and avoid the risk of aggregation of losses from one widespread incident. As such, securing capacity within the first USD/GBP/EUR50m of capacity continued to be challenging, albeit competition for such attachments continues to increase.
Insurers were increasingly willing to only offer capacity for risks fitting squarely within their appetite in terms of the quality of cyber security controls, with the perceived adequacy of the same being key to the appetite of insurers.
Some insurers are exercising additional caution before offering new business capacity to accounts that could be considered at increased risk from the Russia/Ukraine conflict, such as telecommunications, financial institutions and critical national infrastructure.
Premiums & self-insured retentions
Premium increases also followed on excess layers with percentages exceeding those for the primary layer. This reduced the premium discount on those excess layers compared to the primary.
Insurers remain focused on self-insured retentions being set at a level they deem adequate for the scale of the account in question. This has resulted in many accounts renewing in Q1 2022 experiencing a self-insured retention increase in-line with accounts in H2 2021 (i.e. often in excess of 100%).
Policy coverage
Insurers remain very focused on systemic risk. Many are considering how they will manage this. One major global insurer has already implemented a sub-limit approach for systemic loss events. Further developments in this space are expected during 2022.
The conflict in Ukraine has led to an acceleration by insurers in reviewing their approach to war exclusionary language, which has a very close link to systemic risk. During Q1, insurers’ approach to the war exclusion fell into the following categories:
- Sticking with the N.M.A. 464 War and Civil War Exclusion Clause – with various amendments / cyber terrorism cover ‘carved-back’
- Drafting an updated exclusion based (to some extent) on N.M.A. 464 or drafting a new exclusion all together
- Considering using one of the four model clauses proposed by the Lloyds Market Association LMA)
Insurers continue to utilise ransomware coinsurance and/or sub-limits where they are not satisfied that a client’s security meets the insurer(s) own minimum standards, with some not willing to consider offering cyber coverage if their standards are not met. Insurers’ views on minimum controls have increasingly varied levels of flexibility, giving clients the opportunity to advocate for their approach with the support of their broker
Claims & notifications
The ransomware pandemic (as coined by AGCS)1. is still with us at this juncture, with 44% of respondents to their Risk Barometer 2022 citing cyber incidents as their biggest concern2.
However, in slightly more positive news Coveware in their recently released Q4 20213. ransomware update, called out the cyber insurance renewal process is one of the four positive developments aggregating pressure on the rise of ransomware attacks, resulting in the attacks being more costly to execute.
Coveware also commented that:
The continuing trend of data exfiltration is a key consideration with a ransomware event then impacting both a client’s business operations (incident response, recovery, first party business interruption & ransom payment) but also its liabilities to the data subjects and any relevant regulators.
Cyber hygiene – control adequacy
What can clients do to be market ready?
Preparing for your renewal
- Ensure key stakeholders (for example board and CISO) are briefed on likely renewal challenges, including increased self-insured risk retention.
- Consider the bigger picture, what is the defining renewal priority to guide strategy
- Allow plenty of time to collate renewal information & to review/refine this with the help of your cyber brokers
- Working with your brokers, ensure insurers receive necessary context to frame your cyber underwriting information
- Consider cross class leverage with key insurer partners
- Be self-aware in your navigation of the cyber market, demonstrating desire to partner with insurers
Insurers are increasingly requiring clients to make written cyber submissions in addition to presentation meetings. They also require clients to have minimum cyber security controls in place before offering renewal or new capacity. In Q1 2022 two major cyber insurers have already updated their ransomware questionnaires to include a significant number of additional questions, which the insurers in question state the aim of its to reduce the number of follow up questions clients regularly receive in response to their initial written & oral renewal/new business submissions.
Footnotes
1 https://www.agcs.allianz.com/news-and-insights/news/cyber-risk-trends-2021-press.html
2 https://www.agcs.allianz.com/news-and-insights/news/cyber-risk-trends-2021-press.html
3 https://www.coveware.com/blog/2022/2/2/law-enforcement-pressure-forces-ransomware-groupsto-refine-tactics-in-q4-2021
Disclaimer
Willis Towers Watson offers insurance-related services through its appropriately licensed and authorized companies in each country in which Willis Towers Watson operates. For further authorization and regulatory details about our Willis Towers Watson legal entities, operating in your country, please refer to our Willis Towers Watson website. It is a regulatory requirement for us to consider our local licensing requirements.