Rapid Cyber Claims Growth and Questions about Insuring Privacy Claims
Last month, The Insurer highlighted a report from ratings agency A.M. Best, which revealed that “cyber claims growth greatly exceeded in-force policy growth in 2018.” According to the report, “first-party reported claims topped 12 million in 2018, and…packaged first-party claims exceeded 5 million for the first time, while total packaged claims exceeded 10 million.” This added up to an overall growth in number of claims of 39% year-over-year, in comparison to a 15% growth for policies-in-force.
Direct premiums written (DPW) also grew at a slower rate between 2017 and 2018. Though DPW exceeded $2 billion in the U.S. for the first time in 2018, the year-over-year percentage increase in DPW between 2017 and 2018 was just 12.6%, in comparison to a 33% growth between 2016 and 2017, and a 35% growth between 2015 and 2016.
According to the report, the rapid growth in cyber claims was partly attributed to an increased number of small- and medium-sized enterprises (SMEs) purchasing cyber insurance, as SMEs generally have less robust cyber protection than larger firms, which naturally would lead to an increase in claims as cyber insurance becomes more widespread.
Privacy-related claims also have been on the rise, according to John Spiehs, claims manager for cyber, tech, and E&O at Axis Capital. Spiehs expects the situation to only worsen once the CCPA comes into effect, as “companies that are victims of data theft or other data security breaches can be ordered to pay statutory damages of $100 to $750 per person.” During remarks at the NetDiligence Cyber Risk Summit in Philadelphia, Spiehs said, “To me, this raises a larger question of: is this something that we want to be insuring? …Are we still insuring the data integrity of the insured or are we insuring the business model?”
Nevertheless, A.M. Best remained optimistic about the outlook for the cyber insurance market. The report noted, “the 2018 direct paid loss & DCC ratios were below 25% for both standalone and packaged cyber policies”—i.e. the line’s underwriting performance was very strong—and that 528 insurers were writing cyber insurance as of 2018, “up from 471 in 2017, 400 in 2016, and 309 in 2015.” The number of regional insurers that began to write cyber in 2018 could be seen as a sign that the cyber insurance market space still represents an opportunity for insurers—especially as new market entrants continue to boost capacity and drive competition between insurers large and small.