Recent high-profile ransomware attacks will likely help drive demand for cyber risk insurance, says New York City-based Fitch Ratings in a report published on Tuesday.
However, the market for cyber insurance remains in its infancy, making it tricky for insurers to properly price coverage, Fitch says.
The spate of ransomware attacks highlights the scope of corporations' cyber risk exposures, and the rating agency predicts that this is likely to increase demand for insurance protection.
"Tallying the costs from recent attacks will take time. However, growth in corporate anxiety from cyber-related threats amid regular reports of data breaches and other information system intrusions will spur demand for cyber protection and solutions including insurance protection," Fitch says in a statement. Developing regulations in this area will likely increase the demand for cyber insurance coverage, it adds.
U.S. insurers wrote approximately US$1.3 billion in cyber coverage in 2016, according to Fitch, and this market could grow more than tenfold to US$14 billion by 2022. The leading cyber risk insurance firms include American International Group, Inc. XL Group Ltd and Chubb Limited, Fitch notes.
Notwithstanding the expectations or rising demand, "a cautious approach to adding cyber exposures is warranted as there is considerable uncertainty in pricing and underwriting this risk. Aggressive expansion by individual underwriters into the segment could be credit negative," Fitch says.
In addition to ransomware, cyber-related attacks may include data theft and denial of service attacks that may create economic losses from damage to systems and property, remediation costs, business interruption losses, and reputation damages. These incidents can also generate third-party exposures for failing to protect data; and professional liability, including potential claims against directors and officers for failing to manage cyber risks.
So far, cyber-related underwriting experience has been relatively favourable for insurers, Fitch says, "but the market remains untested."
Indeed, the Fitch report notes that insurers face challenges in establishing actuarially sound pricing and coverage terms in this area, given still-limited data from historical claims. And, the evolving nature of cyberattacks, and the losses they could create, adds further challenges, it says.
"Given the scope of these challenges, we would view aggressive growth in stand-alone cyber coverage, or movement to high portfolio concentration in cyber, as negative for an insurer's credit profile. Underwriting, pricing and reserving uncertainties would outweigh the potential earnings growth benefits," Fitch says.
"Controlled growth as part of a diversified portfolio, coupled with continually enhanced underwriting standards, would generally be neutral for the credit profile."