[BreachExchange] Cyber insurance could be credit negative for insurers: Fitch

Destry Winant destry at riskbasedsecurity.com
Wed Feb 7 18:51:15 EST 2018


Cyber insurance brings opportunities for business growth and
diversification for some insurers, but could be a credit negative for
others given the potential to generate larger future losses, according
to Fitch Ratings.

In response to the sharp increase in data breaches in recent years,
property/casualty (P&C) insurers' efforts to offer cyber risk coverage
for their policyholders have advanced significantly, and insurers'
cyber risk offerings are likely to expand further in 2018.

The number of US data breaches increased 44.7 percent in 2017,
according to the Identity Theft Resource Center and Cyber Scout. Such
a large one-year jump in incident frequency, combined with numerous
higher profile and more severe events in 2017 such as the Equifax
breach and the Wannacry and NotPetyaransomware attacks, highlights how
challenging it is for insurers to underwrite and actuarially price
cyber exposures in a rapidly evolving environment, according to Fitch.

Cyber insurance is currently a profitable niche segment for a number
of insurers but as the market grows and becomes more competitive,
Fitch believes that this opportunity may erode. Also, newer market
entrants may be more vulnerable to underpricing risks and exposure to
large future losses as they may lack the unique underwriting and
claims expertise needed for cyber insurance.

Demand for cyber insurance is likely to grow. Risk surveys such as the
recent Allianz Risk Barometer 2018 report continue to list cyber as a
top-10 business risk. At the same time, the Council of Insurance
Agents & Brokers' December 2017 Cyber Insurance Market Watch Survey
indicates that only 31 percent of respondents' clients had purchased
some form of cyber coverage. Further, a 2018 report by Lloyd's and AIR
Worldwide estimates that a cyber event that knocks out a major US
cloud provider for several days could cause $6.9 billion to $14.7
billion in damages, with only about 20 percent of those losses

Demand for cyber insurance will also be spurred by increased
regulation. This year, the European General Data Protection Regulation
(GDPR) will introduce more stringent notification requirements for
data breaches. Such regulations not only foster awareness of cyber
risks but also increase the potential for fines and penalties when
data breaches and other cyber incidents occur.

More businesses are seeking specific stand-alone cyber insurance
policies to cover a wider variety of cyber exposures. For example, an
increase in critical data theft and ransomware attacks is leading to
greater interest in first-party business interruption and property
damage coverage. Similarly, a rise in public company shareholder suits
from cyber incidents that have generated large losses and reputational
damage is leading to greater demand for cyber coverage specific to
directors' and officers' liability policies.

Cyber, Insurance, Reinsurance, Growth, Global

More information about the BreachExchange mailing list