The start of a new year is an excellent time to look back on the previous 12 months and look forward to what lies ahead in the coming year. It's time to reimagine the world's future now that we can see a possible end to this trying era.
However, new threats surround these new digital capabilities. Digital safeguards would become just as, if not more, essential than physical safeguards. We looked at the industry with CyberCube that pioneers cyber insurance research to see what these risks mean for the cyber insurance market.
The pandemic's effect on the shift to technology transformation over the last year has been well reported. The radical transition to working from home has profoundly changed our perspective on the workplace. This shift has had a wide-ranging effect on the cyber threat environment. In addition to current developments such as the continuing explosion of ransomware and the rise of managing remote workforces, 2020 was marked by a range of major cyber risk incidents. This includes the Twitter breach, the Magento hack, and the SolarWinds hack towards the end of the year, which may be the most critical.
1. A hardening market
In the second quarter of 2020, the hardening demand in the insurance industry picked up the pace. While the dust has yet to settle on the January 1 renewal season, it is clear that there have been premium increases as well as a tightening of ability and terms in the cyber (re)insurance sector. The effect undoubtedly varies by section, with businesses that have incurred losses bearing the brunt of the brunt. Because high excess layers are no longer considered outside the burn layer in large programs, room for this section has diminished, causing many more participants to get close to the necessary limits, often at much higher rates.
Several cyber-specific market developments have emerged in the face of rising prices, which will possibly intensify rapidly in 2021. Coverage restrictions, sub-limits in the circumstances, or even exclusions for specific perils (particularly in light of ongoing ransomware issues) can make it more difficult for brokers to place such risks. Exclusions relating to particular incidents, such as the SolarWinds hack, have also been addressed.
One silver lining of the market's hardening conditions is that businesses that comprehensively show a transparent risk management culture and robust cybersecurity controls will benefit from comparatively more substantial market terms. There is a growing divide between companies that consistently perform well and those that are falling behind. With more data at their disposal to determine best practices in cyber hygiene, underwriters are more conscientious than ever regarding risk selection. Companies that show good cybersecurity may be rewarded with security signals, which can assess cyber maturity measures.
2. Pricing convergence
As the cyber market matures, actuaries were assigned with rising priority to review portfolios. Moreover, when individual undertakings and teams have switched between various market players, the previous price variance has been reduced. There has been a rising consensus on the riskiest and most significant risks with price matching. In the last years, there were substantial price variations for the same threat by magnitude. In 2021, there will be a growing market consensus on the acceptable price for the risk. The competition will continue to be strong, emphasizing policy vocabulary, end-to-end asset management services (both pre-and post-loss services), and claims management expertise.
3. Technology transformation
Technology connected to the internet and infrastructure will continue to increase, bringing with it new risks. 5G networks' hyperconnectivity will become mainstream in 2021, allowing for quicker and more secure data and malware transmission. This will mean the end of the "network perimeter," as we know it, making network systems more challenging to protect. The internet will grow in popularity with the widespread adoption of consumer applications and expanded industrial applications. The ongoing move to cloud infrastructure will only strengthen our dependence on a limited number of robust platforms.
4. Growth in attack vectors
The SolarWinds attack, which occurred at the end of 2020, demonstrated the importance of cybersecurity. With up to 18,000 businesses affected by this malicious software upgrade, including several US government agencies, it showed the possible consequences of sinister state-backed hackers. This assault revealed the interrelatedness of technology and the reliance on a limited number of critical suppliers. Although the financial implications of this case are still unknown, it seems that the motive was espionage rather than criminal, and it has given an insight into what is to come. The attack surface is continuing to increase, and in 2021, this trend will intensify. This will draw attention to flaws in supply chains and the pervasive software used in many industries. As is often the case, any network's main weakness would be the entry point for automated attacks.
5. A focus on accumulation
When it comes to the cyber insurance market, managing future accumulation risk used to be seen as a luxury or an intriguing academic study. Several events in the last three years have shown that the problem is no longer a theoretical possibility—it is a pressing concern. The PRA, Lloyd's, and others have recently increased their regulatory emphasis. By 2021, it will generally accept that carriers must take a systematic and organized approach to manage cyber risk accumulation.
While this list isn't comprehensive, and the essence of insurance means we'll no doubt have to deal with unexpected or out-of-the-blue cases, being mindful of these critical patterns will benefit us in the coming year.