In the news

Pivot for success: navigating the $30bn cyber market-in-waiting

By Claire Churchard
Intelligent Insurer

With tight underwriting controls and continuous training, we can expect to bridge that talent gap.
Catherine Rudow
Everest Global Head of Cyber Reinsurance

The cyber insurance market is expected to double in size in the next seven to 10 years, says Catherine Rudow, global head of cyber reinsurance at Everest. But the industry has some major hurdles ahead—including the spectre of a cyber cat event.


Insurers need to be prepared to pivot in the cyber insurance market to realise its full potential because the loss landscape changes fairly quickly, says Catherine Rudow, global head of cyber reinsurance at Everest.


But it is worth the effort as the market is very much in “growth mode” and its prospects are pulling in capacity, she tells Intelligent Insurer. Rudow thinks the market could grow to around $30 billion in the next seven to 10 years—and that’s a conservative estimate, she says.

The reasons for such growth are many. Rudow points to its historic profitability, for one.


“Publicly available data shows that the market has been profitable for most years, and that the recent measures insurers have taken to combat the rising ransomware problem has returned the market to profitability,” she says, adding that growing awareness of cyber risk and exposure has prompted many buyers not just to improve their cybersecurity but to buy insurance.


“Even in the US where this product is probably the most mature, there are still new buyers and cyber exposures continuously pose new threats. This drives increased demand for cyber insurance solutions across the globe.”


The class has received a welcome boost from the growing number of resources that write and monitor risks. Rudow says there have been “heavy investments” in such tools from carriers and vendors. This has improved the ability to assess and monitor portfolios, and to manage the aggregation, she adds.


Key market challenges


Cyber insurance is not all plain sailing and Rudow is clear about the challenges. She flags up the talent shortage which she says is “felt acutely” in this market because cyber is a relatively new line of business, which has grown quickly. However, she adds: “It’s an exciting line of business and it is attracting good talent. With tight underwriting controls and continuous training we can expect to bridge that talent gap.”


The fast-evolving cyber loss landscape is another challenge. Rudow says that after a “fairly benign 2022”, there is now evidence that threat actors are reorganising and increasing the number of cyber attacks.


“In the US, we’re seeing more third party loss activity associated with privacy regulation. So the constant changes in the loss landscape are very challenging for insurers.”


Navigating evolving losses means “insurers need to be prepared to pivot” in this market, she says, which can be done using pricing, coverage restrictions, limits management and underwriting controls that focus on problem areas.


Challenges around aggregation are also big for cyber


“Aggregation has been a challenge for the market since the beginning. But as the market has grown so quickly, it’s now receiving much more attention.


“What we’re seeing is improvements in data quality and the aggregation models continue. But with very few actual cyber events, there remains some uncertainty,” Rudow explains.


She emphasises the potential of cyber war to be a source of aggregation risk, acknowledging that it’s a hot topic in the industry. Debate is centred around how to best modernise the war exclusion to address cyber warfare, she says, adding that cyber policy always intended to exclude war, but the older war exclusions don’t address how cyber attacks should be treated in the context of war.


Rudow expects discussions on this to be ongoing as the industry works through the complexity of developing a modernised solution.


“The takeaway here is that the industry is aware of the aggregation problem and continually making strides to understand and manage the aggregation of exposure,” she says.


The spectre of cyber cat


You can’t talk about aggregation without including cyber catastrophe. How prepared is the re/insurance industry for the possibility of such an event?


Rudow says that over the past few years the cyber insurance industry has implemented a number of changes, including the one she thinks is most important: the requirement for higher cybersecurity standards. This has made portfolios more resistant and resilient to cyber attacks, she says.


“This is a big step in the right direction. In addition, the aggregation models are becoming increasingly sophisticated and the market is expanding its understanding of those aggregation models.”


The “growing alignment” of cyber interests with law enforcement actions is also significant, she says, because governments have the capabilities to prevent or respond to some of those large-scale attacks.


“The industry has made tremendous strides in its preparedness for a cyber cat event,” she concludes.


This originally ran along with a video interview in Intelligent Insurer with the title, Pivot for success: navigating the $30bn cyber market-in-waiting.