Cyber insurance remains an area of growth opportunity for property and casualty insurers, particularly in the face of large-scale risk factors.
According to a new report, “CYBER: Insights on the current and future state of the US cyber insurance market” from Risk Placement Services (RPS), insurtechs, MGA startups, and other new players are creating a lot of extra capacity in the market, while some existing carriers are loosening underwriting standards to maintain market share.
“Those markets that were previously only offering a $1 million or a $2 million limit have since gone to $5 million,” said RPS National Cyber Practice Leader Steve Robinson in the new report. Widespread premium reductions and additional capacity are still defining the market, with limit availability increasing, even as risks become more prominent, he added.
“We’re seeing more now that can do $10 million and even some at $15 million, and that’s reflective of the capacity,” Robinson said. “A lot of carriers are trying to get creative so they don’t lose premium or market share by offering products that are of greater value.”
According to Jack Rosen, RPS area assistant vice president, the market will remain unsettled until the next wave of consolidation reduces the number of carriers. Inconsistencies in carrier approaches, especially in handling claims adjudication and methodologies employed for pricing risk, also contribute to the potential for lingering volatility.
“Premiums today are so low that you’re seeing $100,000 or $200,000 claims on policies with a $5,000 premium,” Rosen said in the report. “And many claims are not necessarily traditional data loss claims but financial-related incidents like social engineering fraud and invoice manipulation, all involving insureds inadvertently sending money to bad actors. They’re being fooled into who they’re sending their money to, and it is turning into larger and larger claims.”
In response to the evolving threat landscape, carriers are adapting services to increasingly offer preventative resources like training, risk assessments and security tool access.