Despite 2017 witnessing the industry’s largest ever insured cyber loss at $275mn, it was a banner year for US cyber underwriters with a combined ratio of only 61.4 percent and aggregate premiums climbing to at least $1.84bn.
According to analysis by Aon, US cyber premiums leapt around 37 percent to $1.84bn last year (see chart) while the number of domestic markets writing US cyber also expanded from 140 to 170.
Despite a number of high profile cyber attacks – not least the NotPetya and WannaCry viruses – the industry’s direct incurred loss ratio actually fell significant from 47.6 percent in 2016 to 32.4 percent.
However, the research is based on filings of US insurers with the National Association of Insurance Commissioners and therefore excludes business written by non-US insurers. It is also based on filings made on a calendar year base rather than accident year or policy year and therefore excludes longer-tail developing losses, such as business interruption losses.
For example, according to the loss analysis company PCS, the NotPetya attack on Merck in June 2017 will lead to the largest ever cyber loss at $275mn but by year-end 2017 the firm had only received $45mn in claims, according to its 10-K filing.
The pharmaceutical giant separately said that its costs and sales could be impacted by up to $915mn from the virus which has led to heightened speculation that its $1.75bn separate property tower may be exposed because cyber is not thought to be excluded.
Aon also said that the release of reserves from prior years will have cushioned the 2017 results of some insurers. “We know of at least one large insurer whose 2017 reported results were reduced by prior year reserve releases”, the broker said.
Another factor that may be suppressing loss ratios is the increasing popularity of ransomware as the “favoured attack method for cyber criminals”.
According to Aon this may lead to more frequent but less severe claims as it’s a move away from the attacks on large single data repositories to a less targeted approach.