2022 was certainly a time of change for the cyber insurance market and it’s looking like more of the same over the next 12 months. However, in my view, 2023 should see a number of positive changes that will benefit insureds and deliver a more sustainable market that will attract new capacity and deliver even greater choice.

While the cyber threat landscape is constantly evolving as criminals look for new vulnerabilities to exploit, one thing remains constant. The primary motivator for cyber criminals has always and will continue to be making as much money as they can and as quickly and as easily as possible.

In response to the increasing severity of ransomware attacks, insurers have pivoted their customer proposition to deliver more proactive risk management. This has evolved further over the past year, to actively seeking to prevent claims – using threat intelligence feeds from a variety of sources to identify customers who are being targeted by hackers and helping to remediate an issue before it turns into a claim.

I believe that this claims prevention service is going to become an increasingly essential part of any cyber insurer’s offering over the next 12 months. Rather than asking a cyber insurer ‘how many claims have you handled’, I would like to see brokers and risk managers asking ‘how many claims have you prevented’ come the end of 2023.

Rising ransomware costs and fears around systemic risk have driven up the cost of cyber cover. The good news for brokers and risk managers is that, unless the threat environment deteriorates, then the market should begin to stabilise throughout 2023. Barring any significant movements, I believe insureds can expect to see stabilisation in rate in the months ahead.

The market is hopefully reaching a point of rate adequacy. Discipline will be required to ensure that performance doesn’t revert to where it was but, on the whole, we should see some relief in the level of rate rises.

The industry still has a huge job to do in increasing the adoption of cyber insurance, particularly at the SME end of the market, and hopefully some stability in the market will allow us to focus more effort on educating new buyers on how critical it is that they get the protection they need.

Consistent cyber catastrophe solutions will begin to emerge

The market has experienced several high-profile systemic loss events, yet none have had the major loss implications many feared - Kaseya being just one example. However, the fact remains that uncertainty over the potential for major loss aggregation has created a challenge when it comes to attracting new capital to the market.

A recent Lloyd’s mandate has put an onus on Lloyd’s backed insurers to make it clear that acts of cyber war which result in catastrophic outcomes to target states are to be included in the definition of ‘war’. This brings much needed clarity on the intention of cyber insurers with use of existing war exclusions.

There is still currently no clear agreement, however, on exactly how the market should identify and define catastrophic cyber events. This could change, though, with moves in the UK to establish an independent body for the purposes of doing just that. And if there is clear agreement on a method for identifying these events, then the market can work to create solutions for insuring them.

A clearly defined cyber event declaration system could attract private capital to the market, allowing insurers to be consistent in describing which types of event they are happy covering and which types they might want to reinsure, meaning that either way the client still gets the cover they need.

I think it’s likely that we’ll see ideas such as this start to progress throughout 2023 and hopefully lead to the creation of a model that can be followed internationally, ultimately helping to ensure the long-term success of the cyber market.

Share Story: