Insight & Analysis | Financial Technology & Services (FTS)

The Future of Cyber Insurance

May 21, 2024

A discussion from THL’s Third Annual Insurance Technology Webinar | May 2024

Key Takeaways:

Cyber insurance is essential for businesses as they navigate an increasingly digital world, offering financial protection against rising cyber threats that traditional insurance lines may not cover.
Despite challenges such as pricing volatility and threat uncertainties, the cyber insurance market is growing rapidly and is expected to amount to USD 480 billion of commercial premiums by 2040; this growth is largely driven by rising innovation and sophistication in risk assessment, policy coverage, and risk management strategies.
In our third annual Insurance Technology Webinar, THL’s Edward Shahnasarian and Tim Ferris discuss the cyber insurance landscape and where it’s heading with three industry experts: Corvus Insurance President Prashanth Gangu, CyberCube CEO Pascal Millaire, and Marsh McLennan Cyber Practice Leader Tom Reagan.

As businesses increasingly rely on technology to streamline operations and drive growth, cyber insurance has become a critical component of overall risk management and business continuity planning. This category of insurance addresses the evolving class of risks related to a company’s data assets and technology infrastructure, providing financial protection against cyber threats like ransomware or data theft that may not be covered by traditional property and casualty insurance policies.

The cyber insurance market, which is expected to amount to USD 480 billion of commercial premiums by 2040¹, is dynamic and rapidly evolving. Technological advancements continue to drive innovation and efficiency across many industries — but they also cause businesses to be heavily reliant on technology systems and more vulnerable to security breaches. As cyber risks continue to evolve in complexity and severity, the need for robust and tailored cyber insurance policies is more pressing than ever.

During THL’s third annual Insurance Technology Webinar, Managing Director Edward Shahnasarian and Principal Tim Ferris spoke with three cyber insurance experts — Corvus Insurance President Prashanth Gangu, CyberCube CEO Pascal Millaire, and Marsh McLennan Cyber Practice Leader Tom Reagan — about the current technology and business landscape and what to expect in the coming years.

Cyber Insurance Today

Recent estimates suggest the cost of cybercrime worldwide will reach USD 13.82 trillion by 2028². Cyber insurance plays a critical role in helping businesses mitigate this immense and ever-increasing financial impact by leveraging a range of innovative technologies and coverage options.

Through advanced data analytics, insurers and other cyber insurance actors assess cyber risk profiles and develop tailored insurance policies that address the specific needs and vulnerabilities of policyholders. Using predictive modeling techniques, they can forecast the likelihood and potential severity of future incidents to help price coverage and allocate resources for risk management.

Of course, a lot is still unknown as the landscape evolves and grows more complex, which underscores the need for cyber insurers to continuously innovate to improve underwriting and help businesses maximize their coverage and risk protection.

The Evolving Cyber Threat Landscape

The increased reliance on technology in today’s world expands a company’s attack surface, making it more vulnerable to threats like phishing attacks, data breaches, and ransomware. According to Millaire, ransomware alone “has grown to become the source of the majority of claims for many carriers, and the cost of those claims has increased by over 500% per claim since 2015.”

Thanks to technological advancements like AI and machine learning, insurers, policymakers, and businesses are improving their overall risk assessment and risk management efforts. But these technologies also empower cybercriminals to devise more intricate attack strategies, which are only growing in volume and sophistication. This leaves a lot of uncertainty around where threats go from here, how businesses can protect themselves, and what insurers are willing to cover.

Cyber insurance is a vital safety net, but challenges like silent cyber (cyber losses that insurers are unknowingly exposed to in non-cyber policies), uninsured cyber (risks not covered by a cyber policy) and unmodeled cyber (cyber risks not accurately captured in risk models) leave a lot of ambiguity when it comes to policy coverage and risk modeling.

The combination of this evolving threat landscape and the rise in silent, uncovered, and unmodeled cyber pose challenges and opportunities for players in this space — and it complicates the process of quantifying cyber risk, which is crucial for understanding the potential financial impact of cyber incidents on insurance portfolios or on an individual business.

Pricing Dynamics and Challenges

Cyber insurance pricing has been in a state of flux — partly due to market volatility and partly due to the rapidly evolving nature of cyber threats, the lack of historical data for modeling, and the impact of ongoing technological advancements. Experts agree that market dynamics will impact cyber insurance as it does other lines, but other factors are at play as well.

On one hand, the relative newness of cyber threats makes it difficult to quantify risk.

“Cyber is an entirely new class of risks that did not exist, you know, 50 years back,” Gangu said. “And as operations move online, and more of commerce happens in the digital space versus in the real world, the quantity of the risk itself goes up. It’s an evolving risk. We’re in the early stages of it so we’re all playing a bit of catch up in terms of pricing.”

On the other hand, pricing cycles are reflective of the underlying claims environment. In other words, as losses go up, premiums go up; conversely, as organizations invest in cyber security controls to mitigate risk, premiums come down.

Time will tell how existing cyber controls will adjust to threats as they become more prevalent and sophisticated, and we expect continued pricing volatility over the next couple of years as pricing models adapt.

Emerging Trends in Cyber Insurance

The future of cyber insurance is marked by emerging trends that reflect the evolving nature of cyber threats and the need for specialized, comprehensive risk management strategies:

Specialization: Insurers, brokers, and managing general agents (“MGAs”) are increasingly specializing in cyber insurance, offering tailored coverage and risk management solutions to address the complex and growing cyber threats faced by organizations every day.
Bundling: “There’s quite a bit that MGAs and carriers and brokers are doing to help their customers effectively mitigate [exposure risk],” said Ferris. “We’ve seen a few MGA models [that] are offering both a coverage as well as cybersecurity services, packaging things together.” MGAs have started doing this to provide clients with comprehensive protection against cyber risks, and we expect other players in the space to follow suit.
Collaboration: Collaboration among key players in the cyber space is also on the rise. By sharing insights, best practices, and threat intelligence, insurers, cybersecurity firms, and other stakeholders can enhance their understanding of cyber risks, improve underwriting and pricing efforts, and develop more effective risk management strategies.
Readiness: As cyber risks continue to escalate, organizations are recognizing the need for incident response readiness. In addition to proactively investing in risk management and response capabilities, Reagan urges organizations to conduct incident response drills on a regular basis. Doing so will help them identify response vulnerabilities and be better prepared should an incident arise.

These trends offer considerable promise for future protection against, or mitigation of, cyber attacks. Having a more collaborative and comprehensive understanding of cyber risk and protection should help businesses stay ahead of bad actors and preventfinancial loss.

Looking Ahead

We believe the cyber insurance market holds immense potential for investment. While many aspects of the market, such as adoption rates and overall size, are still in the early stages of maturity, it is growing at a faster pace than traditional lines did at similar points in their development. The market has witnessed considerable innovation and sophistication as the threat landscape continues to evolve, a trend we believe will only continue. Despite challenges around threat uncertainties and pricing volatility, cyber insurance remains a critical investment for businesses of all sizes, and organizations increasingly recognize its value in safeguarding their operations.

“[Cyber insurance is] perhaps the most dynamic market in insurance right now,” said Shahnasarian. “It’s such an interesting market as you think about [an] intangible risk, volatile pricing, and a product that’s still defining itself.”

To learn more about cyber insurance, watch our webinar reel here, visit THL.com, or contact our Insurance Technology team today:

Edward Shahnasarian, Managing Director
eshahnasarian@thl.com

Tim Ferris, Principal
tferris@thl.com

_______

^{_{1 Cyber Insurance: Massive Growth Opportunity With Considerable Risk. Jeffries. October 13, 2022.}}

^{_{2 Estimated cost of cybercrime worldwide 2017-2028. Statista Market Insights. November 15, 2023.}}