The cyber insurance market is poised for significant growth over the next several years as cyberattacks continue to grow in number and sophistication, with the potential to cause major financial and reputational damage and disrupt business operations, according to a new report from Moody’s Ratings.
However, as profitability has improved and cyber underwriters are able to better manage and withstand attritional losses, some insurers are reportedly shifting toward excess of loss treaties to manage widespread events.
While the cyber insurance-linked securities (ILS) market still remains small, several insurers have issued cyber catastrophe bonds since early 2023.
If you recall, Beazley closed its first 144A cyber catastrophe bond providing cover of $140 million, at the beginning of the year. Then in May, the firm sponsored its second 144A cyber catastrophe bond, securing an additional $160 million of capital markets-backed cyber reinsurance coverage via a PoleStar Re Ltd. (Series 2024-2) issuance.
Moving forward, Moody’s explains that an increase in ransomware attacks and large losses could wind up prompting higher loss ratios, keeping price declines in check, particularly in the United States.
“Although losses will likely increase, we expect the segment to remain profitable in 2024, absent a major catastrophe event. Cyber catastrophes could include cloud downtime, ransomware attacks and data breaches. The recent CrowdStrike Holdings, Inc. incident highlighted the broad risks posed by a single point of failure and the degree to which many segments of the economy are interconnected and interdependent. It remains challenging to analyze widespread outages and cyberattacks,” Moody’s said.
According to reinsurer Munich Re, premiums written in the global cyber insurance market were approximately $14 billion in 2023, more than doubling over the last five years, and could potentially wind up reaching $29 billion by 2027.
But, despite its rapid growth rate, the cyber insurance market is still not mature, with meaningful variations in policy language, terms and conditions across the industry, Moody’s notes.
“Loss ratios likely to move higher given uptick in ransomware and large losses. An increase in ransomware attacks and large losses could prompt higher loss ratios, keeping price declines in check, particularly in the US. Although losses will likely increase, we expect the segment to remain profitable in 2024, absent a major catastrophe event,” Moody’s added.
Furthermore, Moody’s highlighted how the recent CrowdStrike outage demonstrated the broad risks posed by a single point of failure and the degree to which many segments of the economy are interconnected and interdependent.
“It remains challenging to analyze widespread outages and cyberattacks. Cyber modeling has advanced, but the risks are constantly evolving, which creates uncertainty around return periods and the likelihood of an event. Recent large losses and supply chain attacks will prompt further scrutiny of policy language, risk aggregations and modeling practices,” Moody’s concludes.