Insights

Looking Ahead: Cyber Liability Insurance Concerns in 2022

January 11, 2022

/Cyber Liability

With cyber liability insurance becoming more ubiquitous, more unpredictable, and, in some cases, more confusing than ever, it’s critical to have a comprehensive guide to the trends we’re noticing in the cyber insurance market and what you should know going into 2022. We’re pleased to share our first Cyber Liability Looking Ahead Guide; there is much for the modern business to be cognizant of.

Like most insurance markets this year, the cyber market is reeling from the past two years’ volatility. As described in this first-ever Looking Ahead Guide focused on cyber risk, we’re watching issues like the increases in ransomware attacks and the costs associated with these events (which are driving sharp reactions from underwriters), supply chain attacks that highlight the problem of aggregated risk, plus concerns like: privacy regulations, mass arbitration, and how to respond to a data breach.Cyber Looking Ahead Guide 2022

US Cyber Market Update

To call 2021 anything other than a sea change in the cyber liability insurance world would be an understatement. Indeed, nearly all cyber insurance renewals saw increases in premium and self-insured retentions throughout 2021. Many saw reductions in limits. Everyone experienced the increased scrutiny of cybersecurity controls to combat ransomware.

Here are trends that we dive deeper into in the Cyber Looking Ahead Guide:

  • The Hard Market Arrived with a Vengeance: While 2020 showed signs of a hardening market, the acceleration of difficult conditions throughout 2021 is unprecedented in the history of cyber insurance.
  • Technology Errors and Omissions (E&O) Aggregation Concerns: Just as most companies are relying more on technology, and software companies are seeing explosive growth, the insurance market views their risk as even greater than before.
  • Rise of Cyber MGAs and InsureTech: Greater adoption of managing general agent (MGA) capacity and the willingness of traditional cyber insurance carriers to write insurance above these MGAs in a cyber insurance tower will be an area to watch throughout 2022.

A Managing General Agent (MGA) is a specialized type of insurance broker who is vested with underwriting authority from an insurer.

  • Pricing Trends. The surest sign of a hard cyber insurance market has been the increase in pricing for companies of all sizes, in all sectors. The Woodruff Sawyer Cyber Pricing Index shows the change in pricing at the median, bottom quartile, and top quartile during a trailing 12-month period over the past year for both primary and excess prices.

Cyber Insurance Pricing continued to deteriorate throughout 2021, ending at high watermarks for the past 12 months.

Self-Insured Retention Trends

Insurance carriers view cyber risk as on the rise. As a result, they’ve not only increased premiums but they’ve also asked companies to keep more risk on their balance sheet in the form of self-insured retention increases. Across companies of all sizes, Woodruff Sawyer clients have seen retention increases over the past 12 months.

Self Insured Retention Trends by Company's Annual Revenue Graph - Companies in every revenue segment have seen increases in self-insured retentions over the last 12 months.

Limit Trends

In the cyber insurance market, we’ve seen many carriers reduce their available capacity throughout 2021 to a maximum of $5 million for any one client.

Hot Topics in Cyber Insurance

Cyber risk is continually cited as a top concern for executives and board directors, and rightfully so. The digital transformation that is underway in every industry has led to increased cyber risk. In this Guide, we cover these topics in depth:

  • Ransomware: The news is increasingly filled with ransom demands in the tens of millions of dollars.
  • Supply Chain Attacks: 2021 brought to bear a number of attacks against security software tools that had far-reaching impacts throughout the technology supply chain. The efficiency of these attacks suggest that similar attacks may be on the horizon in 2022.
  • Privacy Regulation Changes: The implementation of the European Union’s General Data Protection Regulation (GDPR) in 2018 has ushered in a wave of consumer privacy rights regulations across the globe.
  • Mass Arbitration: The first mass arbitration cases appeared in 2018, but they’ve gained notoriety for their effectiveness and several court decisions have held to task the companies that demanded the arbitration.
  • Federal Government Intervention in Cyber Security: Much of the focus of the US government to date has been on ransomware. They’ve approached this risk from a couple of angles: sanctions and reporting requirements.
  • The War Exclusion and Nation-State Sponsored Hacking: To date, we have not seen cyber insurance claims denied due to the invocation of the war exclusion—even when the attackers are alleged to be sponsored or supported by foreign governments.

Underwriters’ Survey

For the Guide, we surveyed insurance carriers with whom we place cyber insurance around the world—from domestic carriers to Lloyd’s syndicates to startup MGAs.

We asked questions regarding the current risk environment, risk appetite, and future pricing expectations. The results illuminate the expectations of underwriters for 2022.

Here are just a few key takeaways from underwriters, about 2022:

  • Nearly 45% of underwriters believe cyber risk will increase greatly in 2022.
  • 100% of underwriters ranked ransomware and supply chain attacks among their top three threats.
  • Nearly 90% of insurers believe companies should be more aware of their cyber risk.
  • 60% of underwriters believe cyber insurance premiums will greatly increase.

Cyber Looking Ahead Guide 2022

Our Experts Address Your Questions About Cyber Concerns

In our Cyber Looking Ahead Guide, we address some key questions concerning cyber liability.

  • In a wild cyber market, might it be a good thing that companies are being forced to reassess the size and structure of the cyber limits they’re buying?
  • What are the SEC’s expectations for boards when it comes to their fiduciary duty to disclose cyber risk?
  • Are captives a cost-effective replacement for cyber insurance or is traditional cyber insurance a smart purchase?
  • In an intense underwriting process in 2022, what information will carriers want to review?
  • What makes an effective breach response process?

Like most insurance markets this year, the cyber market is reeling from the past two years’ volatility. Get your copy of Woodruff Sawyer’s Looking Ahead Guide to Cyber Insurance to help you handle what lies ahead in 2022.

DOWNLOAD GUIDE >>

ON-DEMAND WEBINARS

FEATURED VIDEO

A Spectrum of Clients

 

Related Blog Posts

Was this post helpful?

See all articles by Dan Burke

All views expressed in this article are the author’s own and do not necessarily represent the position of Woodruff-Sawyer & Co.

Dan Burke

Senior Vice President, National Cyber Practice Leader

Editor, Cyber Liability

As National Cyber Practice Leader, Dan drives the strategy to grow our cyber business, such as developing tools to help clients and prospects understand and quantify their cyber exposures, as well as thought leadership. He frequently speaks at industry conferences and has been quoted in various trade magazines and newsletters, including The Wall Street Journal.

415.402.6514

LinkedIn

Dan Burke

Senior Vice President, National Cyber Practice Leader

Editor, Cyber Liability

As National Cyber Practice Leader, Dan drives the strategy to grow our cyber business, such as developing tools to help clients and prospects understand and quantify their cyber exposures, as well as thought leadership. He frequently speaks at industry conferences and has been quoted in various trade magazines and newsletters, including The Wall Street Journal.

415.402.6514

LinkedIn