Aon’s cyber solutions team provides a recap of the 2021 risk environment and highlights pricing data, key market movements and the notable cyber loss trends observed. They also share insights on expected conditions as we move into 2022, and how captives can provide potential relief from cost pressures.
Cyber insurance tougher buy
The wave of ransomware incidents, and to a lesser extent Covid, made the cyber insurance market both tougher and tighter. Market pioneer AON provides some needed insights and pointers.
The cyber insurance companies suffered severely from higher than expected expenditures, due to a heavy increase of ransomware incidents (though somewhat leavened by a decrease of privacy related data breaches). The market did ‘not get it right in the past cycle because of too much substandard risk’. So today they select better risks, and as a result, clients find it more difficult to get coverage, usually at a (much) higher cost and with more restrictions and exclusions.
Bar is raised
Bluntly, risk carriers grill (prospective) customers more thoroughly regarding risks, security controls and proven resilience (business continuity, disaster recovery…). The bar of insurability has been massively raised, with redlines made absolutely clear by the insurance parties. So prepare to spend more time answering questionnaires and in negotiation. Luckily, there is a willingness to make this underwriting process also useful for other purposes, also with an eye to more consistency year to year, and some real discussion determining needed coverage (with clients acquiring more insight to make go/no go decisions). Indeed, the cyber insurance process should be complementary to the development and implementation of a cyber security strategy. Even to the extent of insurance companies providing input regarding vendors and partners. And clearly, another aspect that was raised was pricing.
In short, clients must weigh their choices, from getting out, to pausing, or considering more precise what exact to cover. This webinar points out several aspects to consider!
Exclusions, stricter wording
The wave of ransomware incidents entails quite some changes in what is being covered, with more exclusions. Including some clearer rules and procedures regarding payment of ransom (e.g., be able to explain why and how you decided it made sense to pay the ransom). Risk carriers also focus more on systemic risks, with software supply chain risks as exemplified by the Solarwinds incident. Again, it requires clients to pay more attention to procedures and decision processes.
Interestingly, the webinar also discusses the possibilities of alternatives, including e.g. co-insurance, captive insurance companies en even ILS structures. Again with some interesting pointers.
Cyber insurance has become much more a matter of ‘conversation’ between a number of stakeholders (from risk carriers to brokers, third parties and clients), in a more complex and tougher market. In you consider entering this market, this webinar will provide a solid snapshot of today’s challenges and opportunities.
You can watch the recording here.