Stricter policy language, price increases and increased scrutiny at policy initiation made for a tumultuous couple of years in the cyber insurance market. Despite this, 36% of Marsh’s clients report purchasing cyber insurance in 2022, up from 33% who purchased it a year ago, a newly released report on US Cyber Purchasing Trends in Marsh found.
Companies with more than $1 billion in annual revenue are more likely to purchase cyber insurance than companies with less revenue. Larger companies tend to have more robust technology systems, along with a strategy to manage cyber-related threats.
Lloyd’s of London ordered the new war participation, effective on March 31, 2023, there are companies thinking about the approach of war insurers and the potential risk of disaster.
Cyber insurers are turning their focus to possible catastrophic cyber risks, the report said, “including fallout from geopolitical conflicts and related nation-state activities, changes in policy separations and the possible impact from a point of failure.”
“The increase in the number of organizations purchasing coverage is a positive trend, reinforcing the view that insurance is an important part of a holistic cyber risk management strategy. The buyer uncertainty still remains though – namely around war, cyber operations, and systemic/catastrophic risk separations,” said Greg Eskins, US cyber product leader.
Marsh found a significant change in purchasing in 2022, related to how clients make decisions to purchase coverage and manage their cyber insurance programs.
Clients generally continued to increase their self-insured retentions (SIRs) early in 2022. As the market improved and pricing increased throughout the year, SIRs began to decline as coverage became more available and affordable, a trend that continues to 2023, according to the report.
The percentage of clients purchasing higher limits increased as SIRs decreased, from 10% in the second quarter of 2022 to 16% in the fourth quarter, the report said. “Increased competition among cyber insurers – driven in part by improvements in potential clients’ cyber controls – has positively impacted pricing for clients looking to increase limits.”
Seeking more control over their cyber programs, the number of Marsh-managed captive insurers writing cyber coverage increased by 75%.
“Captives have become an increasingly useful tool for organizations over the past couple of years as they face difficult cyber market conditions,” said Ellen Charnley, president of Marsh Captive Solutions. “In some cases, organizations fund their entire cyber risk to become a captive, but often they use cell captives to fund different layers within their larger cyber program. .”
Purchasing trends vary by industry. Clients in the education industry reported the highest take-up of cyber insurance than any other industry, at 60%. Healthcare ranked second at 56%.
Those clients in the life sciences industry and financial institutions also reported a significant increase in the rate of purchasing cyber insurance, by 20%, during the three periods from 2020-2022.
US cyber rates continue to decline from their peak in December 2021: 17.1% (Dec. 2022) versus 133% (Dec. 2021), according to the report.
“The US cyber insurance market continues to stabilize. Barring unforeseen events, we expect to see a continued decline in the rate increase for the rest of 2023, especially for organizations with good cyber hygiene and loss of history,” said Meredith Schnur, Marsh’s US cyber brokerage leader.
Ransomware-related claims increased by 77% in the first quarter of 2023, while privacy-related claims increased by 85% during the same period.
The decrease in attack frequency, including international sanctions in response to Russia’s invasion of Ukraine, which hindered the movement of ransom money, was noted as contributing to the decrease in ransomware attacks in 2022.
This year, however, new ransomware groups have emerged at the same time as “established threat actors are executing massive ransomware attacks,” the report said.
As the complexity of risk increases, Marsh views the continued increase in cyber insurance coverage as a positive, underscoring organizations’ view of the importance of cyber resilience.
Cyber risk management is best managed in general through various measures such as predictive aggregation models, cyber insurance, and by sharing information with members of the private and public sectors, the global insurance broker noted.
Interested in Cyber?
Get automatic alerts for this topic.