Cyber Coverage Is Unprofitable, Now What?

Cyber Coverage Is UnprofitableCyber coverage was once very profitable.

But that is no longer.

As I report in my recent article, Cyber Challenges, the growth of ransomware attacks and undisciplined underwriting practices are pressuring a line already considered too risky for most insurers.

The line’s overall unprofitability was bound to happen. Sooner or later, profitability challenges hit every insurance line. That can be positive in the long term. Low returns on investment can motivate necessary soul searching that leads to growth and development.

To be clear, a line’s overall profitability is not indicative of an individual insurer’s experience. Some insurers are still making a decent buck selling cyber insurance. To stay in the cyber game, however, less profitable competitors are likely looking to reduce what they cover or quit offering coverage altogether.

Cyber insurance has always been risky business. Pricing coverage is challenging amid ever-changing risks. Since I began covering cyber insurance in 2014, data breaches were insurers’ main concern.

But that changed.

Changing Risk

In 2018, data breaches continued to be the top concern. Ransomware was beginning to raise its ugly head. Back then, cyber coverage was also quite profitable. With losses at only 40% of expenses, there was plenty of room for double-digit profitability. 

Now, cyber actuaries, charged with developing rates with little past or present data, are finally getting enough information to anticipate losses associated with data breaches. Actuaries have also become more sophisticated with scenario planning.

Despite these improvements, pricing cyber remains a delicate matter. Since cyber insurance was profitable, underwriters had some wiggle room for pricing coverage. But not anymore. Tighter underwriting, it is hoped, will result in organizations “getting religion” on risk mitigation. Recent harrowing ransomware attacks, such as the Colonial Pipeline’s, should serve as a wake-up call as well.

Battling cyberbullies is part of the price we pay for digital dependence.

Monitoring cyber insurance continues to be a challenge. Yes, there is plenty of data about cyber security. That, however, is only the risk side of the insurance equation.

While writing this article, I was surprised that after a three-year hiatus from covering cyber insurance, only one organization provided an estimate for the combined ratio — the insurance industry’s go-to profitability barometer. The little publicly data available was laden in grains of salt or caveats as with sources warned the information does not paint a full picture.

Cyber insurance is important for protecting organizations when if a cyber attack occurs. Improving cyber security is vital, but so is building stronger partnerships between insurers and their customers. That critical piece could turn out to be the most important.