The cyber insurance market is poised for significant growth over the next several years as cyberattacks continue to grow in number and sophistication, with the potential to cause major financial and reputational damage and disrupt business operations, Moody’s Ratings has reported.
However, the ratings firm noted that as profitability had improved and cyber underwriters are able to better manage and withstand attritional losses, some insurers are reportedly shifting toward excess of loss treaties to manage widespread events.
Moody’s also discovered that while the cyber insurance-linked securities (ILS) market still remained small, several insurers have issued cyber catastrophe bonds since early 2023.
It recalled that Beazley closed its first 144A cyber catastrophe bond providing cover of $140 million at the beginning of the year, adding that in May, the firm sponsored its second 144A cyber catastrophe bond, securing an additional $160 million of capital markets-backed cyber reinsurance coverage via a PoleStar Re Ltd. (Series 2024-2) issuance.
A news report from Reinsurance News, a risk-underwriting-focused medium, quoted Moody’s as forecasting that moving forward an increase in ransomware attacks and large losses could wind up prompting higher loss ratios, keeping price declines in check, particularly in the United States.
The ratings firm further clarified that “although losses will likely increase, we expect the segment to remain profitable in 2024, absent a major catastrophe event. Cyber catastrophes could include cloud downtime, ransomware attacks and data breaches.
“The recent CrowdStrike Holdings Inc. incident highlighted the broad risks posed by a single point of failure and the degree to which many segments of the economy are interconnected and interdependent. It remains challenging to analyze widespread outages and cyberattacks,” Moody’s added.
Munich Re had earlier reported that premiums written in the global cyber insurance market were approximately $14 billion in 2023, more than doubling over the last five years, and could potentially wind up reaching $29 billion by 2027.
Moody’s maintained that despite its rapid growth rate, the cyber insurance market remained immature, with meaningful variations in policy language, terms and conditions across the industry.
It clarified: “Loss ratios likely to move higher given uptick in ransomware and large losses. An increase in ransomware attacks and large losses could prompt higher loss ratios, keeping price declines in check, particularly in the US. Although losses will likely increase, we expect the segment to remain profitable in 2024, absent a major catastrophe event.”
Furthermore, Moody’s highlighted how the recent CrowdStrike outage demonstrated the broad risks posed by a single point of failure and the degree to which many segments of the economy are interconnected and interdependent.
The firm concluded: “It remains challenging to analyze widespread outages and cyberattacks. Cyber modeling has advanced, but the risks are constantly evolving, which creates uncertainty around return periods and the likelihood of an event. Recent large losses and supply chain attacks will prompt further scrutiny of policy language, risk aggregations and modeling practices.”
