Buyer-Friendly Cyber and E&O Market: How to Take Advantage
A buyer-friendly Cyber and E&O market is quickly emerging. Learn more about the changing global market and how to capitalize on it.
Key Takeaways
- Substantial new capacity and improved insurer loss performance have led to decreasing rates in Cyber and E&O in early 2023.
- Premium rates are expected to continue softening, with global economic, geopolitical or systemic cyber events potentially impacting the market.
- Underwriting remains rigorous. Buyers should start their renewal placement process early to build a strong risk narrative to share with underwriters.
After experiencing rate increases over 100 percent in late 2021 and early 2022, the global cyber and errors and omissions (E&O) market has undergone a distinct and dramatic pendulum swing, shifting toward a buyer-friendly market in early 2023.
There are a variety of market factors contributing to the new rate environment, including:
- New and returning markets have brought new capital and competition, leading to further rate deceleration
- A decline in loss frequency and severity as businesses continue to help strengthen their security risk controls and enhance their risk profiles
- A redirect to more sustainable pricing levels after a potential overcompensation for ransomware losses in 2021-2022
However, underwriters — who now operate at a more in-depth, technology-driven and sophisticated level — are maintaining rigor as they closely monitor global events that may impact cyber claims. Economic changes, a shift in the geopolitical environment and widespread systemic cyber events could all adversely impact continued rate reductions.
These three areas are expected to shape the market through the balance of 2023:
- Substantial new capacity will help soften the market. Aon expects that premium rates in 2023 will be more competitive than for the prior 24 months, driven by improved loss ratios and an influx of new capital that has created a higher global premium pool, especially in the excess markets.
- War exclusions, infrastructure exclusions, and “widespread events” remain in the terms and conditions spotlight. Updated war exclusions have been introduced and are inconsistent across the global cyber insurance marketplace. Infrastructure exclusion updates, specifically for the digital environment, merit thoughtful analysis and dialogue among brokers and insureds. Limiting coverage for widespread events or widespread outages is an effort to solidify the future of cyber insurance, but it risks deteriorating the value proposition of cyber insurance for businesses that see benefit to outsourcing technology and security to third party providers.
- The underwriting process is rigorous, but it’s also more comfortable for businesses, if they are well-positioned to share their security narrative. Assembling the right team and investing the right resources across the organization can help achieve improved coverage results at renewal.
Buyers can take advantage of market improvements by starting their renewal placement process early and continuing to build relationships with insurers. Businesses have become more prepared, collaborating internally to provide strong strategies around contractual risk management, information security, privacy and operational continuity. An early start can give the risk manager more control and address potential bumps in the road.
“Where businesses were constrained by availability in 2021 and into 2022 it is now vastly different,” says David Molony, Head of Aon’s Cyber Solutions for EMEA. “Instead, buyers should now be looking at mitigating their exposure — taking advantage of the market at the expense of sacrificing coverage to help save short-term premium dollars.”
While the E&O and Cyber market has many similarities between regions, it’s important to acknowledge existing differences. We explore market conditions across the globe — including capacity, loss trends, pricing and coverage.
North America
Capacity
- Capacity developed throughout 2022, introducing additional options and a more competitive marketplace — which many insureds used to their benefit.
- Capacity continues to grow in Q1 2023, with growing availability to insureds through new insurers and increased carrier limits. Many insurers offering cyber insurance have substantial growth goals for the product. These two factors, along with improved risk controls within insured security environments, create a powerful competitive landscape.
- Severe pricing adjustments experienced in 2021 and 2022 are still top of mind. The hard market was the result of poor loss experience throughout 2018, 2019 and 2020.
- Loss frequency continues to decline from its peak in 2021 but remains higher than 2019. However, ransomware frequency increased sharply, up 49 percent in Q1 2023.
- Improved frequency, along with an unprecedented rate environment in 2022, fuels market growth in what will likely be a profitable product segment over the next few years.
- Rate increases decelerated throughout 2022, beginning in the fourth quarter of the fiscal year. Aon anticipates rate decreases throughout 2023.
- Aon’s pricing data examines the year-over-year price change on a monthly or quarterly basis. This analysis highlights important trends, adding context that some industry sectors and client segments are experiencing far greater pricing disruption.
- Discuss changing war exclusions with your broker to understand implications on market impact and strategy.
- Buyers should not overlook other critical coverage components:
  - Privacy concerns, including data breaches and broader collection and use of information.
  - Biometric information. Clients should review any proposed exclusions related to biometrics closely with their broker to understand the scope of coverage changes.
  - Pixel tracking and Video Privacy Protection Act (VPPA) exposures are another subset under insurer review: insurers are examining the underlying exposure and, in some cases, introducing exclusions. If this exposure is relevant, be wary of accepting limitations on coverage.
- Understanding insurer, vendor and law firm requirements is critical to help align with a business’s preferred incident response and litigation approach. Push for higher rate caps with pre-approved non-vendor resources to help offset any cost increases.
UK/EMEA
Capacity
- Most insurers are looking to grow their cyber portfolios again.
- There is more appetite from markets to move down programs providing much needed competitive tension on both a primary and first excess basis.
- Loss ratios improved in the second half of 2022; however, ransomware activity has started to increase in Q1 2023.
- More markets are highlighting biometric information collection and disclosures as an area of concern due to an uptick in class actions resulting from improper collection, use or retention.
- Operational technology and supply chain risk continue to be heavily scrutinized by underwriters highlighting the need for quality data collection and presentation at renewal.
- The favorable rate environment that emerged in the second half of 2022 has continued into 2023.
- Heightened market competition is expected to result in more favorable outcomes for businesses throughout 2023.
- The effects of the conflict in Ukraine have not emerged; however, underwriters remain cautious about the potential for cyber disruption emanating from the region.
APAC
Capacity
- Capacity continues to grow with local and global markets seeing the APAC region as a growth target. Most local markets are increasing average line sizes back to the historical max line size of $10 million. In certain circumstances, some markets now offer limits exceeding $10 million.
- Capacity deployment is still managed carefully, with a focus on cautious growth. For example, some insurers are performing better with coverage and pricing when deploying $5 million or less, even if they can deploy more.
- Overall incident frequency declined in 2022, with cyber events falling by 14 percent compared to 2021.
- Ransomware exposures remain a primary underwriting topic with regional markets, even with event frequency declining by more than 40 percent in 2022 (year-over-year). The threat remains high, however, as frequency has risen in other global regions in Q1 2023. Strong cyber diligence should continue to be stressed.
- 2022 was characterized by several large and high-profile data breaches across the region. The frequency of data breaches declined by only 6 percent. The profile and frequency of these events will continue to shape underwriting behaviors and regulatory agendas across the region into 2023.
- The most frequently impacted industries in APAC include Public Sector, Technology, Media and Telecommunications, Financial Services, Retail and Manufacturing. Manufacturing centers are becoming more prominent across the region. Operational Technology remains a key risk concern for regional markets as well. Further, geopolitical tensions in the region have raised the importance of supply chain risk, particularly for strategically important industry verticals.
- Loss trends have likely improved due to the portfolio management by insurers over the last 24 months, leading to a positive outlook. However, it will take time for the major insured incidents over the last six months to be fully realized by the market, which may be detrimental to loss ratios.
- Rate increases steadily declined in the second half of 2022, with greater deceleration occurring near year-end. This rounds off average rate increases of more than 50 percent over the previous two years.
- On renewals, we are seeing incremental rate movement on primary layers (both increases and decreases) and more consistent rate reduction (5-15 percent) on excess layers. Exceptions include programs that are exceptionally underpriced and in need of further correction, or when carriers have insured a program opportunistically at inflated rates, and more significant reductions are achievable.
- Rate movement is contingent on, among other factors, a demonstration of a detailed focus on security and the extent of previous corrections to pricing.
- Coverage has mostly stabilized, with improvements anticipated for businesses with a detailed focus on security. Restrictions will be eased where key controls can be demonstrated.
- Insureds with excellent security can expect to see improvement in coverage; however, there is minimal coverage innovation. Instead, we are seeing a trend back to broader coverages available prior to 2020.
- War exclusions have been updated, primarily in line with Lloyd’s guidance, but there is a need for more consistent language across insurers, particularly on layered programs.
- Other coverage restrictions related to systemic risk events, unpatched vulnerabilities or unsupported systems can generally be avoided, particularly where insureds can engage productively with underwriters and risk engineers to identify controls in place and plans for improvement.
LATAM
Capacity
- Capacity has remained stable with current carriers managing exposures. However, we expect a broader appetite in the next few months, with carriers confirming that they want to expand their current footprint in LATAM.
- We also expect a few carriers to move from reinsurance to direct business. Given the smaller limits purchased by clients in LATAM versus other geographies, this is good news and should translate into greater capacity for direct clients.
- Major cyber attacks have occurred recently across LATAM, primarily ransomware. Impacted industries include retailers, financial institutions, utilities and healthcare. Given the adjustments made by underwriters, most of the losses have been absorbed by deductibles or directly by clients that did not purchase cyber insurance coverages.
- Rates per million (RPMs) have remained stable. Premium increases have been linked to inflation, in contrast to the previous three years when we saw a very aggressive re-underwriting of all the carriers.
- Underwriters are requesting more detailed information and concentrating on attachment points, cyber extortion sublimits and coinsurance.
- Despite being introduced in 2022, systemic risk exposure and sublimits are still topics of conversation with carriers. However, it seems like this approach is limited to a few underwriters.
- There has not been significant coverage enhancement in the last few months beyond several carriers that have revamped their wording — looking for more clarity, rather than expanding coverage.
Businesses must build the appropriate team across key internal stakeholder groups, preparing an informative security narrative that gives underwriters knowledge of the efforts taken to build a strong cyber security posture.
How to Help Optimize Market Outcomes in 3 Steps
Don’t lose discipline. Underwriting requirements are still robust, with more sophisticated and technology-driven carriers. It is critical, therefore, that risk buyers revisit their cyber strategy amid the moderating market to help manage their exposure.
Risk managers should consider following these three focus areas to help enhance their cyber risk strategy:
Find Value Through Collaboration
Work with your information security colleagues, in-house counsel, brokers and other advisors to help shape the prioritization of risks the company views as material and transferrable. Overlaying that dialogue with financial impact analytics helps develop a framework that can prioritize the objectives of your cyber insurance program. The softening market provides an opportunity to tailor important policy wording, push sub-limits to full coverage limits and help eliminate coinsurance penalties.
Create Long-Term Program Goals
Cyber insurance is sustainable and will continue to bring value to insureds. While insurers’ proposed language changes can bring frustration to risk buyers, it’s important to think holistically about your E&O and Cyber insurance program. Increasing competition provides an opportunity for businesses to consider alternative coverage options. Before making a hasty decision, evaluate the policy language changes and consider the potential downside of switching insurers.
Keep Your Eye on Emerging Trends
Key security controls that limit the probability of a ransomware event are an important part of the dialogue and underwriting process. Always remain forward-looking. Privacy litigation is on the rise, and severity exposure is often underestimated. The geopolitical landscape remains a concern for businesses globally. Understanding emerging threats, what your company is doing to mitigate them, and then articulating that information to underwriters can help improve the underwriting process.
General Disclaimer
The information contained herein and the statements expressed are of a general nature and are not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
Terms of Use
The contents herein may not be reproduced, reused, reprinted or redistributed without the expressed written consent of Aon, unless otherwise authorized by Aon. To use information contained herein, please write to our team.