The cyber insurance market has undergone a period of significant volatility in recent years, as spikes in attacks such as ransomware have resulted in considerable losses and forced a reset in rates and coverage scope, according to Paul Handy, global head of cyber at Crawford.
Addressing the market’s recent performance, Paul Handy told attendees at the Crawford Technical Claims Forum in London: “Cyber is a challenging market. We had several years where carriers were writing significant business while loss ratios were very low, and then 2020/2021 saw a major hit from ransomware. That drove loss ratios from around 10 percent to 130 percent. Insurers were impacted and a number exited the market.”
Since then, the market has experienced a period of “recovery and correction” and capacity is returning, with carriers displaying “more disciplined underwriting” and a “greater understanding of risk.” The number of cyber attacks has also reduced for geopolitical reasons. However, while the volume has dropped the severity is increasing with threat actors being highly organised and “knowing how to inflict pain on the companies they target,” Paul Handy noted.
In the changing landscape the drivers of risk remain the same. Paul Handy explained that humans are still the primary chink in any firm’s cyber armour with social engineering one of the key ways cyber attacks begin. Despite this weakness he pointed out that only 43 percent of UK businesses have cyber insurance.
Loss adjusters are certainly seeing developments with regard to the claims they process. He commented: “Last month we've had, as a business in the field, 60 instructions coming in, which was a significant number of events.
“What we're seeing is the perpetrators tend to be more careful in what they're attacking. They are increasingly going for intellectual property rather than just data. They tend to be targeting backups, and companies are growing increasingly concerned about the reputational impacts of these attacks.”
Insurers are also paying particular attention to what they are told about the risk at policy inception and what the situation is if a claim is brought. If there are any discrepancies this will be considered along with policy response.
“Part of our role as loss adjusters is not only to address the specific circumstances of the incident and claim along with any consequential losses, but also to check the facts as presented, compliance with any related terms or conditions, along with ensuring that the right proof of loss documentation is in place,” he noted.
Speed of response for cyber claims is of utmost importance as, when a claim is lodged, an attack may still be ongoing.
Handy explained,
“The critical thing is to respond quickly. That is why at Crawford, we provide a 24/7/365 response model globally. The reason for that is that this is a crisis event and if you don't respond immediately and provide targeted support to these organisations, what could be a relatively small, well-contained incident can erupt into something much bigger and harder to fix.
“Second, you need to have the right experts to call upon. It is essential to have instant access to the right people to assist in the most effective way to manage these cyber-related incidents.”
As well as responding to the incident, loss adjusters are there to provide comfort and support to the insured that a carrier is sitting behind their decision-making. Paul Handy added, “We're validating the decision-making process, providing expert advice based on our experience and reporting back where we're engaging with the carrier to enable them to determine coverage.”
The weakest link in any cyber attack is the human but, as Paul Handy explained, loss adjusters are there to triage the problem, mitigate the scale of impact and help clients and their businesses move forward quickly and efficiently with minimum disruption.
