Insurance Jottings

Insurers Cut Their Appetite for Cyber Cover as Ransomware Losses Mount

Insurers have halved the amount of cyber cover they provide to customers after the pandemic and home-working drove a surge in ransomware attacks that left them smarting from hefty pay-outs.

 

Faced with increased demand, major European and US insurers and syndicates operating in the Lloyd’s market have been able to charge higher premium rates to cover ransoms, the repair of hacked networks, business interruption losses and even PR fees to mend reputational damage.

 

But the increase in ransomware attacks and the growing sophistication of attackers have made insurers wary. Insurers say some attackers may even check whether potential victims have policies that would make them more likely to pay out.

 

“Insurers are changing their appetites, limits, coverage and pricing,” Caspar Stops, head of cyber at insurance firm Optio, said. “Limits have halved – where people were offering ten million pounds (US$13.50 million), nearly everyone has reduced to five.”

 

 

Lloyd’s, which has around a fifth of the global cyber market, has discouraged its 100-odd syndicate members from taking on cyber business next year, industry sources say on condition of anonymity. Lloyd’s declined to comment.

 

US insurer AIG also said in August it was cutting cyber limits.

 

Ransom software works by encrypting victims’ data and typically hackers offer victims a passcode to retrieve it in return for cryptocurrency payments.

 

It has become the attack of choice for cyber criminals, who previously favoured stealing data and selling it to third parties.

 

Suspected ransomware payments totalling US$590 million were made in the first six months of this year, compared with the US$416 million reported for the whole of 2020, US authorities said in October.

 

In one of the biggest heists, a ransomware attack on Colonial Pipeline in May shut the largest fuel pipeline network in the United States for several days.

 

US cyber insurers’ profits shrank in 2020, insurance broker Aon found. Combined ratio – a measure of profitability in which a level of more than 100% indicates a loss – climbed by more than 20 percentage points from 2019 to 95.4%.

 

While insurers struggle to cope, companies are under-insured.

 

“It’s very unlikely people are getting the same limits – if they are, they are paying an extraordinary amount,” David Dickson, head of enterprise at broker Superscript, said.

Dickson said one technology client had previously bought £130 million of professional indemnity and cyber cover for £250,000. Now the client could only get£ 55 million of cover and the price was £500,000.

 

Insurers who issued US$5 million cyber liability policies last year have scaled back to limits of between US$1 million and US$3 million in 2021, a report last month by US broker Risk Placement Services (RPS) found.

 

As Profitable as Cocaine

A European Union report released in October said the COVID-19 pandemic and rise of home working had enabled cyber criminals to flourish.

 

Meanwhile, cyber security firm Coveware likened the 90%-plus profit margin from ransomware attacks in 2021 to the gains Colombian cocaine cartels made in 1992.

 

Where hackers previously took a scattergun approach with methods such as sending out thousands of phishing emails, they have become more targeted, reading balance sheets and focusing on specific sectors.

 

Tom Quy, cyber practice leader at reinsurance broker Acrisure Re, said attacks were moving away from healthcare facilities and municipalities – which have weak IT controls but also little money – to manufacturing or logistics companies.

 

Such firms have deep pockets and cannot afford extended outages to fix their systems, so would rather pay ransoms, especially if they have insurance to cover them.

 

“We advocate to everyone you don’t disclose your insurance because that’s crucial to your business,” Scott Sayce, global head of cyber at Allianz Global Corporate & Specialty, said.

 

Premium rates have almost doubled in the United States and jumped by 73% in Britain as a result of the frequency and severity of ransomware attacks, insurance broker Marsh said. RPS said rates for some policies had risen by as much as 300%.

 

Where ransom payments were typically US$600 a few years ago, they now are as high as US$50 million, said Michael Shen, head of cyber and technology at insurer Canopius, and insurers are sometimes asking policyholders to pay half of the ransom.

 

The United States and France are among countries particularly concerned about ransom payments, industry sources say.

 

The FBI says it does not support paying ransoms, while a few US states are considering banning ransomware payments by municipalities.

 

But insurers, while less willing to provide large amounts of cover, say failing to pay ransoms could backfire.

 

“Of course no-one wants to pay criminals,” Adrian Cox, CEO of insurer Beazley told the Reuters. “At the same time, if you ban it … you could cripple a lot of businesses whose systems have been disabled.”

 

Zurich Insurance Will No Longer Underwrite New Oil Exploration Projects

Zurich Insurance Group will no longer underwrite new greenfield oil exploration projects, Europe’s fifth-largest insurer said on the 18th November in an investor day presentation which sought to burnish its green credentials.

 

It also committed to a full phase-out of thermal coal from its underwriting portfolio by 2030 in wealthy countries and by 2040 in the rest of the world, unless companies seeking cover had formally approved science-based targets in place.

 

It vowed not to underwrite oil and gas drilling and production in the Arctic, although a spokesperson said in practice it already refrained from projects in such sensitive environments.

 

The pledges come after banks, insurers and investors with $130 trillion at their disposal vowed at the UN’s COP26 climate conference in Scotland this month to put combating climate change at the centre of their work.

 

Zurich also reiterated it was on track to deliver on its 2022 targets in the investor day presentation, stressing its strategy and business mix allow “superior” returns to shareholders and support its dividend policy.

 

It said last week it planned to raise its dividend and was confident of hitting its 2022 targets after property and casualty (P/C) premiums rose 11% on a like-for-like basis in the first nine months of 2021.

 

Presentation slides included comments from finance chief George Quinn that Zurich was on track to exceed its return on equity target of above 14% by fiscal year 2022.

 

Zurich, which aims to be a net-zero emissions business by 2050, is one of eight major insurance and reinsurance companies who, in July, launched an alliance to help speed up a transition to a cleaner economy.

It said in March it planned a 25% cut in carbon intensity for listed equity and corporate bond investments by 2025 and a 30% cut for direct real estate investments.

 

Coastal & Inland – Asia

Note from The Standard Club

Following 50 years of successful operation in Europe, our Coastal & Inland service is now available to commercial coastal vessels – typically up to 10,000gt – operating in harbours and coastal areas in Asia.

 

Working with key local brokers, coastal vessel owners can enjoy the same reassurance and access a greater choice of insurance cover – providing a wider and competitive choice of insurance options. As an already established presence in Asia, we provide a trusted, experienced and credible alternative, offering extensive local knowledge, reassurance and peace of mind.

 

Standard Asia is one of the largest club teams in Asia with 29 staff in Singapore and a further 11 in Hong Kong, providing an in-house team of underwriters, loss prevention experts and claims handlers. We are a trusted and recognised insurer in Asia with partnerships built and developed following decades of insuring large vessels in the region.

 

The team is empowered with fully-localised authority, offering extensive local knowledge and support within the same time zone as Asian members. The team also has a comprehensive network of trusted, long-term and local correspondents capable of delivering support, whenever and wherever it is needed.

 

As a club committed to providing the best possible service to our members, our Coastal & Inland capabilities position Standard Club as a perfect fit for the Asian market – ultimately benefiting brokers, owners and our business.