All material subject to strictly enforced copyright laws. © 2021 Insurance Insider is part of Euromoney Institutional Investor PLC.
Accessibility | Terms & Conditions | Privacy Policy | Modern Slavery Act | Cookies | Subscription Terms & Conditions

Rising loss costs drive cyber rates to inflection point


Concerns over claims aggregation, a proliferation of ransomware claims and a narrowing of the appetite for broader management liability risks among major carriers have begun to reverse years of widening cover and falling premium rates in the cyber market.

Underwriters speaking to The Insurance Insider said they had achieved rate rises of around 15-20 percent across complex accounts such as retail and healthcare.

However, price increases are not yet uniform in the market and while pricing has risen for loss-hit and difficult-to-place accounts, clean accounts for small- to mid-sized entities are in many cases renewing their cover flat or with a low single-digit increase.

Cyber experts canvassed also described a global market split by geography, with rates for cyber cover quoted at Lloyd’s generally a few points higher than those offered by US domestic insurers. 

The uptick in cyber rates follows years of declining pricing amid a surfeit of market capacity, and accompanies a surge in ransomware claims that began during the third and fourth quarters of 2018.

While cyber business continues to be profitable, sources also said concerns about risk aggregation and claims volatility in cyber had now reached management level, and underwriters are feeling more pressure to bring more premium in for the risk they are writing.

While major markets have yet to withdraw fully from the class, this publication understands that a number of carriers have started to offer smaller line sizes and curtail their appetite for MGA business – suggesting a tightening in the market.

The Insurance Insider’s key takeaways from the market are:

  • Some complex placements for insureds such as retailers and healthcare firms are receiving 15 to 20 percent rate hikes. Clean, easy-to-place risks are either renewing flat or receiving low single-digit rises.

  • Upward pressure on primary insurance pricing is slowly filtering through to higher layers on excess-of-loss (XoL) placements, although here pricing can still be competitive.

  • Rising cyber loss ratios and the prospect of claims aggregation is attracting more attention from senior executives and reinsurers, putting pressure on underwriters to raise rates and manage exposures.

  • Increasing claims frequency and severity from ransomware in particular is providing further impetus for price increases.

  • Insurers are buying more XoL cyber reinsurance protection in a bid to protect net retentions.

Carriers enforce rate hikes

Multiple underwriting sources said they had achieved low double-digit rises on large complex risks and higher-risk sectors in recent weeks and suggested the cyber market may be approaching a long-awaited pricing inflection point.

One US market source said most middle-market risks were getting rate rises “of around 5 percent”, but added that carriers would be doing “really well” to achieve 20 percent increases on even the hardest-to-place risks.

Speaking to The Insurance Insider another source said rate increases for market sub-segments such as technology errors and omissions (E&O) were also influencing cyber pricing.

“We’re seeing rises of most 5 percent, except tough risks which are seeing 15-20 percent.

“It’s also getting confusing with the tech coverage in some policies – that’s inflating the increase as [pricing in] the E&O market in general is increasing by 20 percent roughly,” another London-based source added.

The general uptick in pricing represents a marked change from the prior-year period when a surfeit of capacity meant many insureds either renewed their cover with flat premium rates and often broader terms.


Multiple cyber experts characterised the present market as choppy and unstable, with rates varying significantly by type of business and geography. Underwriting sources were also concerned by the continued breadth of cover being offered in some instances.

“We are still getting some accounts where wording is broadening but premium is staying flat,” according to one source.

Several cyber sources described a bifurcated market, with some US markets – notably a number of West Coast MGAs – perceived as more aggressive with pricing than syndicates writing cyber cover at Lloyd’s.

Insurers are seeking to manage exposure and there is anecdotal evidence of carriers pulling back their support for cyber MGAs based in the US and in the UK.

Market sources speaking to this publication said at least one US West Coast MGA had been left seeking new paper and said this indicated a more conservative approach being adopted by some carriers towards cyber business and the desire to ensure risk selection remains in house.

It has also been suggested that a broader pull-back by larger company market carriers including AIG, Chubb and QBE in the US directors’ and officers’ (D&O) market has had a knock-on effect on the appetite for cyber written in the US domestic market.

One broking source speaking to The Insurance Insider said pressure from senior management to reduce liability exposures had influenced the upper layers of cyber XoL placements, where capacity is not as forthcoming as in previous years and the quality of capacity available has, for some clients, become an issue.

Rising loss costs have heightened concerns over whether the volume of premiums written in the cyber market is sufficient to pay for the increase in the frequency and severity of attritional losses going forward. Major cyber attacks on companies including British Airways, Capital One, Equifax and Marriott have also highlighted the volatile nature of the class.

“Underwriters are concerned on the ultimate margin they are getting, now that claims severity is spiking,” a London-based source said, adding that for Lloyd’s syndicates writing a circa $30mn book of cyber business, one $10mn loss could wipe out profits for an entire year.


As the cyber market has grown and matured, claims frequency has naturally increased. AIG claims data for Europe, Middle East and Africa shows that the carrier received claims for 45 percent of policies in 2018, compared with 28 percent in 2017 and 18 percent in 2016.

However, loss ratios are also creeping upward and pressuring margins, and concerns have been raised by some underwriters that the market is failing to realise the true cost of claims.

Speaking to this publication earlier in the year, sources warned that some gross loss ratios were likely to rise above the historic 50 percent market average for Lloyd’s. This figure is understood to relate to the years 2014 to 2017, when a significant number of buyers came to the market for classic data breach-type products.

However, there have been warnings that historical loss ratios cannot necessarily be relied upon for forward projections, as ratios for 2017 will have been more weighted towards the more typical – and better understood – data and privacy breach business, and would not necessarily account for business interruption-type exposures.

This has given underwriters further impetus to push for more premium to accommodate a changing loss picture.

Ransomware attacks raise loss costs

Among sources canvassed by this publication, claims stemming from rising ransomware attacks were cited as a key area of concern for underwriters and an important source of determination to push for rate.

Attacks carried out using ransomware can be more damaging to an insured because they are usually employed by sophisticated criminal groups with a detailed understanding of a target – and the size of its balance sheet.

“Ransomware is definitely one of the drivers [of rate rises] because there are more attacks and higher ransoms.

“Hackers are focusing more on middle market where it is more lucrative but security isn’t necessarily very sophisticated,” one source said.

In October, the FBI issued an alert about an uptick in ransomware attacks across sectors including healthcare, and state and local government. According to a report by digital security firm McAfee ransomware attacks have more than doubled in 2019 so far.


Figures revealed by Beazley in October showed a 37 percent spike in the number of ransomware incidents reported to the carrier across the third quarter, compared with the prior three months.

The carrier added that around 25 percent “of all ransomware incidents reported to Beazley Breach Response Services in the third quarter of the year were found to have started with an attack on an IT vendor or managed service provider”, the carrier said.


AIG’s latest cyber claims report for EMEA also showed that ransomware was the second-most commonly reported claims incident in its portfolio for 2018.

While ransomware had become marginally less prevalent than 2017, when it was the leading breach type, ransom requests have increased in size and attacks have become more targeted, AIG said.

Ransomware attacks also have the potential to spur a litany of business interruption claims, with one source identifying this as an area where aggregation posed a serious concern.

“The problem with ransomware is you get both a first-party loss and then potentially substantial third-party losses from business interruption, or contingent business interruption.

“There is potential for aggregation. I know of one software provider who had an attack and then 30 of their clients which were affected by the downtime also claimed,” he added.  

The nature of claims hitting the market has changed substantially since late 2018, with carriers now using cyber security firms to make ransom payments to cyber criminals in a bid to secure the release of compromised systems and achieve the best possible outcome for clients.

Some sources speaking to The Insurance Insider drew a parallel with the evolution of the kidnap and ransom (K&R) market at Lloyd’s in the mid-20th century, when collaboration with security firms such as Control Risks allowed insurers to participate in an otherwise disorderly and ungovernable market.

The rise in frequency of ransomware attacks has also led brokers to work harder to encourage insureds to invest in the best possible digital security solutions before seeking cover from the market

Insurers buy more reinsurance

The cyber insurance market is heavily reliant on reinsurance – with around 40 percent of all cyber risk ceded – and carriers have sought to buy more protection as aggregation concerns mount.

Participants in the standalone cyber reinsurance market last month told The Insurance Insider that while quota share structures are still bought most, the past year has seen rising demand for a solution that can help protect net retentions.

“Applying reinsurance structures to insurers’ market shares, you would find that 80 percent of the market is protected by some sort of proportional arrangement,” Anthony Cordonnier, head of cyber product management at Swiss Re told this publication earlier in the year.

“About half of that number is protected by a mixture of proportional and non-proportional covers, generally a combination of quota share and aggregate stop loss,” he added.

Despite more frequent and high-profile losses in recent months, including the Capital One data breach, cyber insurance books generally run profitably and cedants are keen to retain more of that profitable premium, although to date cessions have not come down significantly.

Sources speaking to this publication last month said that a 50 percent cession rate on a standalone cyber quota share was not unusual but that this varied by cedant. 


We use cookies to provide a personalized site experience.
By continuing to use & browse the site you agree to our Privacy Policy.
I agree