The cyber landscape
The digitalisation of the global economy continues, and it is clearly an accelerating trend. This article focuses on how this growth has increased the risk and threats around cyber and the consequent impact this has had on the insurance market, M&A deals, and M&A insurance.
Surveys have shown that cyber perils were the biggest concern for companies globally in 2022. According to the Allianz Risk Barometer, “The threat of ransomware attacks, data breaches or major IT outages worries companies even more than business and supply chain disruption, natural disasters or the Covid-19 pandemic, all of which have heavily affected firms in the past year.”1
The rising tide of cyber-crime is translating into costs for the global economy estimated at an incredible USD 6 trillion in 2021. Whilst industries like healthcare and e-commerce are seeing record levels of threats (according to RiskIQ’s 2021 Evil Internet Minute Report2), this is an escalating menace regardless of industry, sector, country, or the size of the company.
Cyber security & cyber insurance
As cyber has evolved into a distinct new area of risk, the insurance market is naturally being asked to cover “new” types of losses including data breaches, data theft, systems outages, and failure, as well as ransomware attacks. Consequently, the insurance market has had to work out the best way to offer protection for clients.
In the last few years, insurers have started to move towards offering stand-alone cyber coverage with many insurance companies no longer including this within other policies: this removes the ambiguity that can occur with the so-called “silent cyber” coverage. In 2021, Lloyd’s of London led the way with a requirement that all their policies be clear in their cyber coverage: full coverage, limited coverage or excluded.
As our understanding of these cyber risks increases, the insurance market is increasing their focus on clients’ cyber security when coverage is requested. As businesses look to insurance for protection more and more, the growing expertise of cyber insurers is educating companies on what they need to do to manage and reduce these risks; this helps both business and insurers.
With cyber incidents, claims and losses augmenting exponentially each year, the insurance market is going through a period of flux as it looks to correctly assess and “price” cyber risks; cyber losses in 2020–2021 have deteriorated, mainly a surge of ransomware claims.
The insurance market recorded a 245% increase in global incidents since Q1 2019 (+390% ransomware, partially offset by a 70% reduction in data breach). In addition, there has been an 85% rise in remediation costs since 2019.
James Auden at Fitch Ratings observed that, “While cyber insurance premium rates are rising sharply, concerns remain that underwriters can successfully price this business longer term, given constantly evolving risk exposures and sources of loss.”3