As claims frequency and loss ratios rise at an alarming rate and the need for coverage increases, the once-expanding market will likely retract.
For several years, cyber liability has followed a familiar pattern. New cyber insurers enter the market, increasing capacity and expanding coverage offerings within the industry. A competitive marketplace persists and a buyers' market prevails. A crowded and competitive market allows insurers to absorb cyber claims without concern.
However, this once-familiar pattern has since spun itself into an insurance nightmare.
With claim frequency and loss ratios rising at an alarming rate and an increasing need for coverage from businesses, the once-expanding market will likely retract. The world's dependency on and use of technology will not slow down; it will continue to grow at levels faster than ever before. As our technological capabilities have expanded, so have our cybersecurity abilities.
Improvements in cybersecurity have played a role in the frequency of claims. Breaches have become more easily detected but even with heightened security, in 2020 the average time of detection after a data breach was about 197 days, according to IBM. That's nearly 200 days of hackers rooting through your business' information carefree.
The average cost of a data breach in 2020 was $8.64 million, according to IBM. And 28% of data breaches are directed at small businesses, according to Selective.
In 2020, the global cyber market accounted for roughly $7.8 billion in written premiums with industry experts estimating a 21% growth in 2021, reaching $9.5 billion in premiums, according to The FinTech Times. Yet shockingly, less than 50% of U.S. businesses currently have cyber liability coverage, according to Markets and Markets. The market will continue to grow organically in the next few years as insureds decide to increase their current cyber limits and many more look to buy cyber for their first time.
Cyber premiums are estimated to exceed $20 billion by 2025 but it is possible for the segment to exceed this level because of the difficulty in determining who committed a given cybercrime. This hinders the market's ability to mitigate loss amounts and frequency and sustains the already alarming rate increases seen for coming years. Cyber claim frequency has risen by more than 10% year over year since 2018, with loss ratios increasing from 34% in 2018 to 47% in 2019, according to Fitch Ratings.
Cyber liability was not a mainstream coverage 10 years ago and hasn't been offered by many in the industry until recent years. Coverages emerged slowly in 2008 and were written frugally as insurers tested the market. Today, as coverage demand and needs continue to increase, we begin to see the true performance for the first time.
The Solar Winds breach, which was discovered in December 2020, exposed records of thousands of organizations and U.S. government agencies. Without the ability to trace the attack the true source remains unknown. Other major breaches include those on Colonial Pipeline and CNA.
In particular, the Colonial Pipeline breach showed the extreme economic impact a single cyberattack can have, as well as the unpredictability of who hackers may target. In order to sustain insurability and mitigate losses, we need to locate the source of a cyberattack with greater accuracy and hold those accountable for their crimes. Without the ability to do this, insurers will continue to struggle with coverage offerings and underwriting decisions.
Emerging Risk: Autonomous Vehicles
Statistics paint a gloomy image of the current markets' sustainability. Additionally it does not account for a looming cyber threat that our society will soon face: autonomous vehicles.
The autonomous vehicles industry has been the leading industry for investment over the past several years. Commercial vehicles, such as long-distance trucking, will more than likely be the first to implement such technology that may be in use within the coming 10 years.
In a cyberattack experiment carried out by Tesla, some of the most prolific IT minds were asked to hack a fleet of autonomous vehicles while en route to a destination and did so successfully, showing capabilities to redirect the vehicles. In situations such as this, the loss will be considered a cyber breach as opposed to an auto claim.
If a cyber hack was deemed the cause of loss in an auto incident, these payments would likely fall entirely on the cyber insurer. It's difficult to fathom just how the cyber market could absorb this potential.
Premiums for standalone cyber liability policies grew by 18% alone in 2020, according to Fitch Ratings, and we have yet to experience or learn of the many new threats that will emerge in the coming years. At what point does the cost needed to insure cyber losses become too high for businesses to reasonably afford? Will cyber liability be an insurable risk in 10 years? Could a situation occur where the risk so severely outweighs the premium needed to insure cyber that this becomes a state or federal coverage, similar to coverage for terrorism?
As insurance professionals, it's our duty to think of emerging issues in our industry. Being prepared and continuing to expand our knowledge of new insurance risks is the way we can assure our customers financial safety.
Austin Stolly is an independent agent and advisor at Stolly Insurance Group in Westerville, Ohio.