Cyber 'more profitable than other lines'
The median cyber portfolio had a claims to premiums ratio of 33%, compared with the equivalent total non-life ratio of 58%, according to a study from the IAIS
But there was a stark difference between high- and low-performing cyber portfolios, with the overall average pulled down by a ‘handful of outliers’, analysis by International Association of Insurance Supervisors finds
Cyber insurance portfolios are generally more profitable than other lines of business, an analysis has revealed.
The study by the International Association of Insurance Supervisors (IAIS) found cyber portfolios had a lower average loss ratio than non-life business overall. The median cyber portfolio had a claims to premiums ratio of 33%, compared with the equivalent total non-life ratio of 58%, according to the analysis.
While the two figures were not directly comparable – because the overall non-life figure includes cyber – the IAIS said it indicated for these companies cyber tended to be more profitable than other lines.
But the study found there was a stark difference between the best- and worst-performing cyber portfolios. While half of the insurers analysed reported cyber outperformed other lines, the overall average was pulled down by a “handful of outliers” that experienced much higher loss ratios.
The third quartile of firms had an average cyber claims ratio of 87%, compared with a non-life ratio of 60%.
This brought the total average cyber claims ratio to 68%, compared to an overall non-life ratio of 55%.
“Evidently, the overall profitability of cyber was driven by a handful of outliers with large loss ratios,” the report, which looked at the profitability of 15 global insurers with premiums of more than $1m, said.
It continued: “Looking at the average of this ratio for cyber underwriting alone could be misleading because of the presence of a large outlier that is a small player in this market.”
The IAIS’s study also found cyber underwriting activity posed no threat to the financial stability of insurers because the affirmative coverage market was still small, meaning the sector would be able to absorb large losses.
The collective cyber premiums written by 25 insurers monitored by the IAIS amounted to less than 1% of the premiums they wrote in 2021. This group of insurers wrote slightly less than $6.7bn in cyber insurance business that year, compared with nearly $785bn in total non-life and non-health premiums.
Similarly, the IAIS said the total cyber-related net incurred claims reported by a sample of 15 insurers amounted to $2.5bn in 2021, less than 1% of their total non-life net claims, which amounted to $299bn.
But, the IAIS warned, the limitations on data and differences in how non-affirmative cyber coverage is mitigated across insurers meant it was not possible to fully assess the risk of the cyber class to insurers’ financial stability.
It also said the cyber operational risk management practices of the insurers it surveyed did not appear to incorporate systemic risk considerations – for example, an ecosystem’s exposure to a single point of failure.
While insurers did collect resilience data on a company-level basis, a lack of common definitions and reporting standards has created barriers to using this type of data for market-wide analysis, the IAIS said.
