2022 was a banner year for the cyber insurance market, which saw premiums grow by 50% - bringing the size of the total market to $7.2 billion. Much of that growth is a direct result of improved underwriting practices which led to better loss ratios that were down by 23 points (from 66% to 43%) on standalone policies and down 18 points on packaged policies, falling from 66% to 48%.
This growth continues a trend of steep upward trajectory over the past three years during which time premiums written in the cyber insurance space have tripled on a wave of increasingly high demand. The growing demand for cyber insurance is inspired in part of course by the perceived threat that hackers and other bad actors working online pose as well as the increasing damage that those bad actors are capable of doing with more and more business processes relying on digital data, cloud access, and other vulnerable platforms in order to function.
In actuality, ransomware attacks were down in 2022 from years prior, but those numbers are expected to rebound to previous expectations throughout 2023. Further, as the cyber environment continues growing in both complexity and user base, magnified by the emerging risks posed by artificial intelligence, most experts forecast the demand for cyber insurance to keep climbing for the foreseeable future.
Some of the main factors that made possible the significant improvement in calendar-year results recently in the cyber insurance market are ongoing rate increases, increased retention amounts, better-performing data-guided risk selection processes, and more disciplined underwriting, which has involved deploying several tactics including reduced limits.
Another emerging trend is the movement in the market toward standalone policies, which now constitute more than 7 out of 10 cyber insurance policies that are being written. In fact, more standalone cyber insurance policies were written last year than the total amount of all cyber insurance policies written in 2021, and this trend toward standalone policies is generally considered a positive development as it can lead to reduced disputes and litigation expenses.
Even with ransomware attacks down last year, 3 out of 4 reported claims were still first-party claims. Further, a growing proportion of those claims coming from policy-holders were with regard to compromised business email issues, although the number of third-party claims certainly remains significant, as well.
Though the cyber insurance industry is evidently evolving right alongside cyberspace itself, there are still some major systemic risks in the cyber insurance market that should not be ignored. While property/catastrophe coverage in any given event is typically limited to a geographic region, large or small, the scale of that risk is very different from the global exposure and injury that a single worldwide cyber catastrophe could potentially create, just as one example. Cyber coverage as it pertains to war is another gray area with difficult-to-assess risk that will become increasingly relevant as the means and methods of war are increasingly accessed and implemented via remote, digital connections.
Cyber insurance has clearly come a very long way from its infancy in the relative early days of the first dot com boom, but, as with the contents of the internet, crafting cyber insurance policies to provide optimum coverage will likely remain a work in progress indefinitely. As long as the internet continues to change shape and there are those who will exploit any resulting vulnerabilities, cyber insurance will continue adapting too, and demand will likely continue to grow in proportion to that increasingly varied and prevalent supply.
You can read more about this topic here.