Surplus Lines Dominate Cyber Insurance
High-profile cyber attacks continue to garner major headlines, with criminals achieving an alarming level of success.
The large-scale scope of the attacks has driven a surge in demand for cyber insurance. Admitted insurance companies have grown wary about cyber exposures, but surplus lines insurers have quickly stepped in to fill the coverage gaps.
Premiums in the rapidly expanding U.S. cyber market skyrocketed year over year by approximately 50% in 2022, to $7.2 billion, more than tripling the premium total from just three years earlier. A wave of ransomware attacks in 2020 during the early stages of the COVID-19 pandemic caused a spike in the industry’s loss ratio, but it became apparent that cyber insurance was underpriced, controls were lacking, and underwriting standards were still evolving. The next two years brought on an extremely hard market with strong price corrections.
Given the admitted carriers’ wariness, surplus lines companies stepped in to develop cyber coverage solutions for policyholders, which has generated rapid premium growth. Surplus lines writers now provide the bulk of new cyber coverage. From 2015, when the National Association of Insurance Commissioners (NAIC) started collecting cyber insurance data, to 2020, surplus lines companies held a roughly 25% share of the cyber market. From the start of the hard market in 2021 through 2022, cyber premium written by surplus lines insurers increased by more than 500%, to the point that surplus lines insurers now account for about 60% of cyber premium. But the story is positive for admitted insurers as well, which achieved premium growth over 50% over the same period.
Surplus lines insurers can customize solutions that may include specific coverage grants, as well as sublimits based on the risks presented. They can tailor policies to insureds’ specific needs, which has resulted in a bigger market share and larger profits. Surplus lines policy premium is, on average, multiple times that of admitted insurers on packaged and stand-alone policies. Additionally, in the two years of the hard market cycle, surplus lines writers posted a better loss ratio than admitted carriers.
Plenty of Room for Admitted Insurers
Surplus lines insurers may now write the majority of overall cyber direct premium, but admitted carriers still write 70% of the premium on packaged policies. Given that cyber coverage on packaged policies tends to be an endorsement to another commercial policy, it makes sense that admitted carriers writing general liability on standard forms would account for the majority of admitted cyber premium. However, even for each policy type, the growth in surplus lines coverage is significant—from 2020 to 2022, surplus lines writers doubled their market share for both packaged and stand-alone policies.
Ransomware Now a Double Risk
Ransomware has returned to the forefront in a more advanced form, with double extortions—one payment to “release” the system and another payment for the data. Initially, ransomware attacks involved encrypting victims’ files, requiring a key to unencrypt them. The victim of the attack would have to pay a ransom to obtain the encryption key. Ransomware now often includes extortion, with cyber criminals threatening to release or sell sensitive data after collecting the ransom. The growth in cryptocurrencies (which are difficult to trace) and the immediacy of payments make ransomware much more attractive for hackers.
Thus far in 2023, first-party ransomware claims have accounted for a growing share of cyber claims. Efforts are underway in some states to make receiving ransom payments illegal, but this could also result in business interruption losses while the ransom goes unpaid. Even with the decline in ransomware claims during 2022, first-party claims remain close to 75% of all claims, as business email compromise claims increased.
Surplus Lines and Emerging Cyber Concerns
The many avenues available for cyber criminals to exploit creates significant risk for businesses. Organizations with remote working environments are vulnerable to the data security weaknesses inherent in the virtual environment. Moreover, because cyber risks are still relatively new and evolving, insurers lack sufficient historical data on cyber events, which makes underwriting and pricing coverage more difficult.
Surplus lines insurance represents an alternative marketplace for cyber risk. New surplus lines policies can serve as testing grounds for product innovation. Surplus lines companies can offer coverage with tighter language that is more likely to avert court rulings that declare coverage applies to risks that were not contemplated in policy rates. With their inherent freedom to manuscript more specific policy language, surplus lines insurers can avoid such risks with greater success than admitted carriers using standard contract language.
The surplus lines market historically has been innovative, developing new kinds of insurance to meet emerging risks. Even in normal or soft markets, there will still be many risks, including cyber, that require surplus lines treatment. By fulfilling the role of insuring risks that the admitted market cannot or will not insure, the surplus lines market operates as a safety valve for the insurance marketplace.
David Blades is associate director of industry research and analytics at AM Best.