Insurance Journal’s Top 10 Cyber Insurance Stories of 2019

An A.M. Best report released in June gave a comprehensive look at the state of the cyber insurance market for 2018, the most recent year data was available, stating that it has seen continued growth and underwriting performance in this line of business.

In fact, the report said direct premiums written for both standalone and packaged cyber policies grew about 12 percent in 2018 from $1.8 billion to $2.0 billion. It stated the growth was a bit of a slowdown from a growth rate of 30 percent for the previous two years, however the $2.0 billion in DPW is more than double what was written in 2015. Additionally, 528 U.S. insurers reported writing cyber insurance in 2018, up from 471 in 2017.

The A.M. Best report, “Cyber Insurers Are Profitable Today, but Wary of Tomorrow’s Risks,” noted that total claims grew 39% in 2018 compared to 2017, which it said reflects a changing market with more SMEs buying coverage. In 2018, there were more than 12 million first-party claims for costs associated with breach notifications, credit monitoring for customers and business interruption.

A.M. Best also identified the top five cyber insurers by DPW, the top cyber writers in terms of policies in force, as well as market challenges for the cyber insurance space in its state of the cyber insurance market report, which served as Insurance Journal’s top cyber insurance news for 2019.

Check out Insurance Journal’s additional top 10 cyber insurance stories for 2019 based on reader metrics below:

1. Was It an Act of War? That’s Merck Cyber Attack’s $1.3 Billion Insurance Question.

Readers were interested in this Bloomberg report regarding NotPetya’s impact on global drugmaker Merck on June 27, 2017, as well as the lingering impact of the attack afterward as it spread from country to country. At Merck, the attack was devastating, crippling more than 30,000 laptop and desktop computers, as well as 7,500 servers, a person familiar with the matter told Bloomberg. Beyond Merck, it hit FedEx, the shipping giant Maersk, the global confectioner Mondel─ôz International, the advertising firm WPP, and hundreds of other companies. All in all, the White House said in a statement afterward, it was the “most destructive and costly cyberattack in history,” the Bloomberg report stated.

2. 2019 Cyber Insurance Predictions: Strong Drivers for Growth Ahead

At the beginning of the year, readers took interest in this report written by Yakir Golan, CEO of Tel Aviv-based Kovrr, a provider of predictive modeling that aims to help insurers understand, quantify and minimize cyber risk. Golan wrote that cyber insurance was expected to continue trending upward in 2019 as the industry grows and the technology around continues to evolve at a very quick pace. While predictions are always hard to make, he named in January five trends expected to catapult the cyber insurance industry forward and creating fertile ground for growth in 2019.

3. Warning: Cyber Will Soon Cost Insurers More Than Natural Disasters

In May, Bloomberg reported that cyber risks will soon become bigger risks than natural catastrophes for the insurance sector, according to Scor Chairman and Chief Executive Officer Denis Kessler, who recommended the industry build a comprehensive, common global scale to assess cyber-related incidents.

“I dream of a kind of Richter scale for cyber security,” Kessler said at a conference on cybersecurity held at the Bank of France, referring to the scale used to measure earthquakes. “It would be very helpful to have measurement and modeling tools. Unless we can model, it’s very difficult for us to provide coverage. We have scenarios but not modeling tools.”

Bloomberg reported on the conference, in which cybersecurity experts and top executives in the financial sector as well as representatives from the European Central Bank, the Federal Reserve and the central banks of Canada and Japan convened in Paris to assess the risk.

4. Cyber Insurance: A Closer Look | Insurance Journal Research

This year, Insurance Journal held its first live cyber webinar, which provided an overview of the cyber insurance industry by taking a look at how cyber coverage benefits businesses, challenges insurers face regarding cyber coverage and how the industry could evolve in the future. The hour-long webinar, which is still accessible to watch on demand through Insurance Journal’s research page, answered questions about why cyber insurance is important for businesses, what the coverage typically looks like, why some businesses may not be buying it, whether it has been profitable for insurance companies and what’s in store for the future.

5. Zurich Policyholder Dispute Highlights Danger of Calling Out Cyber Attackers: Opinion

In January, Insurance Journal readers were interested in an opinion column by Bloomberg View columnist Leonid Bershidsky, contending that the $100 million lawsuit that Mondelez, the maker of Oreos and Cadbury chocolate, brought against Zurich Insurance Group shows that governments should be more careful about identifying the would-be culprits in putative cyber-wars. The column stated such claims can have unintended consequences and can sometimes harm businesses.

6. Putting Municipal Ransomware Attacks – and Cyber Insurance – in Context

The ransomware attacks on public entities in Texas, Florida, Maryland, Georgia and elsewhere in 2019 raised questions not only about paying ransoms but also about the role of insurance in helping these targets get back to serving the public, Insurance Journal reported in September. Whether to pay a ransom is a difficult decision and the negotiating skills that insurers bring to such situations represent just some of the expertise that cyber insurance can provide public entities faced with a ransomware incident, according to Tim Francis, enterprise cyber lead at Travelers. In a wide-ranging interview with Insurance Journal that took place before the August ransomware attack on 22 Texas cities, Francis discussed cyber insurance, ransomware and the circumstances facing municipalities.

7. 17 Cybersecurity Products the Cyber Insurance Industry Says Are Worthwhile

Insurance broker Marsh in September unveiled the inaugural class of cybersecurity products and services receiving a Cyber Catalyst designation that is part of an evaluation program its backers hope will bring greater clarity in the crowded cybersecurity marketplace. Cyber Catalyst by Marsh, launched in 2019, convened cyber insurers Allianz, AXIS, AXA XL, Beazley, CFC, Munich Re, Sompo International and Zurich North America to identify products and services they consider effective in reducing cyber risk. Marsh said more than 150 cybersecurity offerings, spanning a broad range of categories from hardware to messaging security to Internet of Things (IoT) security, were submitted for evaluation. 17 products were rated worthy of the first-ever Cyber Catalyst designation in 2019.

8. Cyber Insurance Demand, Supply, Awareness Continue to Grow: Marsh

Marsh issued a new report on the cyber market in April, titled More Cyber Insurance Buyers as Awareness Grows. The report indicated the message about the need to take cyber risk and insurance seriously is getting through to companies and boardrooms, as it stated the estimated cyber insurance market increased to $1.8 billion in 2018, three times what it was in 2015.

“As risk awareness has grown, more organizations, particularly those focused on their business interruption risk, are turning to the cyber insurance market for protection,” according to Tom Reagan, U.S. Cyber Practice Leader for global insurance broker Marsh.

9. Cyber Insurance Will Reshape Cybersecurity

Given the increasing frequency of cyber breaches, along with the presence of more varied and evolving threats, there is growing uncertainty about the ability of the cybersecurity industry to protect its customers, according to Asaf Lifshitz, CEO and Co-Founder of Sayata Labs, in an article published on Insurance Journal after originally publishing in Insurance Journal’s sister publication, Carrier Management. In the article, Lifshitz states there is virtually no company that isn’t a potential target for a cyber attack, from mom-and-pop storefronts to Fortune 500 companies. Even with the best possible cybersecurity posture, there is always a threat of a breach, he says.

10. Viewpoint: What Insurance Industry Should Acknowledge About Small Business Cyber

In an Insurance Journal viewpoint column published in July, Josh Ladeau, the global head of cyber and tech errors and omissions at Aspen Insurance, discussed the increased vulnerability of small businesses to a cyber attack compared to larger entities, and what smaller businesses need to acknowledge in order to be better prepared for a cyber incident. In the column, Ladeau stated that in contrast to larger entities, small businesses almost universally lack the security awareness and preparedness of their larger brethren. The Keeper Security/Ponemon Institute SMB Report cites 54% of small- to medium-sized businesses believe their companies are too small to be ransomware targets, and Continuum’s 2019 Small Business Cyber Security Report stated that 62% of SMBs do not have the in-house skills to properly manage cyber security.

A new year is now underway and with it could come new cyber risks and trends, so be sure to check out Insurance Journal’s Research and Trends page for additional resources and information on all things cyber. Happy new year, and thanks for subscribing to Insuring Cyber.