Cyber insurance is projected to grow because it has been largely profitable for insurers and is seen as insurable by reinsurers, even as ransomware attacks accelerate, panelists said Thursday at the Insurance Information Institute’s Joint Industry Forum 2021 in New York.
They also suggested that the federal government play a greater role in the cyber insurance sector, particularly through increased information sharing.
By 2026, insurers will be writing $28 billion in cyber insurance gross written premiums, according to Paul Miskovich, New York-based chief underwriting officer for Evertas Inc., an underwriter of crypto-asset and blockchain-related risks.
Mr. Miskovich added that insurers will continue to write cyber insurance because it has been generally profitable. “It’s been profitable almost every year in the marketplace for most insurers,” he said.
Catherine Mulligan, global head of cyber in New York for Aon PLC’s Reinsurance Solutions business, said reinsurers are committed to the cyber sector and see the risk as insurable. She added that Aon is seeing some new reinsurers considering entering the market on a limited basis. Reinsurers have also made certain adjustments to capacity as they refine their understanding of the sector, she said.
While cyber insurance has been profitable for the insurance industry, ransomware is quite profitable for bad actors, according to Chris Beck, managing director in Chicago for Milliman Inc.’s cyber risk solutions practice group. “We’ve seen a large increase in ransomware attacks because they are lucrative — they are good business for cybercriminals.”
Ms. Mulligan added that cybercriminals are also becoming more automated, increasing the number of potential attacks and losses.
Moderator Dale Porfilio, chief insurance officer in New York for the Insurance Information Institute, began the session by asking if there is a role for government in the cyber insurance sector, using the federal roles in flood and terrorism insurance as examples. “We’re at that point,” he said.
“The government has more information than any one company and has intelligence operations no company” can match or replicate, Mr. Beck said.
Ms. Mulligan advocated for increased information sharing among stakeholders and suggested government might play a role in this effort by helping establish a central source for aggregated data. “Actuaries need better information” to make more informed decisions about cyber exposures and underwriting, she said.
Mr. Miskovich added that such sharing of information could be facilitated by data standardization and that the industry should “support all opportunities for data standardization.”
The Insurance Information Institute was acquired last year by The Institutes, a Malvern, Pennsylvania-based provider of education and research in risk management and property/casualty insurance.