The hacking of Equifax’s extensive data on an estimated 143 million Americans is just the latest headline grabber in the growing and dangerous world of cybercrime. It may not surprise many that the cyber insurance sector has seen rapid growth recently, as global stand-alone cyber coverage is estimated at between $2.5 billion and $3.5 billion annually.
And according to a new report from Fitch Ratings, more active cyber regulation in the U.S. is a prime factor behind the estimated 90% of global cyber premium that originates here.
Despite the growth in the market, the ratings agency expects cyber insurance businesses to be ratings neutral for most highly rated insurers with sound underwriting policies, especially as these insurance lines make up a modest percentage of their overall volume and risk exposure. But the policies also present unique challenges to insurers based on the relatively new and difficult-to-quantify nature of cyberattacks.
“Insurers that lack cyber underwriting expertise, poorly manage their risk accumulations or fail to recognize loss potential from ‘silent’ cyber exposure in their traditional commercial insurance products could face pressure on earnings, capital or even ratings, if large loss scenarios emerge as the market expands,” Fitch analysts said. “Unduly large cyber risk aggregations of specific insurers may not become evident until after a large or catastrophic cyber event.”
Geographical diversification of risks also doesn’t play much into risk exposure with cyber threats as it does for other insurance lines, thanks to the interconnected nature of the internet, Fitch said. Also, risk concentrations can be more correlated to factors like exposure to a specific electric payment processor or firewall system, rather than a specific industry or geography.
Further, a lack of standardized policy language and terms can lead to significant differences among policies that can frustrate policy holders, analysts said.
Fitch predicts that developing cyber regulation in Europe, such as the General Data Protection Regulation set for implementation in May 2018, and other locales will likely increase demand for cyber insurance policies.
– Nicholas Stern, managing editor