Bermuda cyber insurance GWP jumps 64%
Bermuda-based re/insurers reported a 64% rise in cyber insurance gross written premiums in 2022, with the amount expected to continue to grow in the following years, according to a Bermuda Monetary Authority report.
The Bermuda Cyber Underwriting Report 2023 said commercial insurers had gross written premium of $7.75 billion in 2022, up from the prior year’s $4.73 billion. The aggregate number of cyber insurance policies also surged from 200,000 in 2021 to 500,000 in 2022.
“Reinsurance policies continue to dominate the market, accounting for 58% of the overall distribution in GWP, while direct and package policies also saw significant growth,” the report said. “Geographically, the United States continues to lead in the number of policies written, accounting for 49% in 2022 (up from 45% in 2021), followed by worldwide covers (20%), the United Kingdom (14%) and Canada (12%).”
Incurred losses on the other hand remained stable at $1.2 billion aggregate in 2022, with reinsurance policies contributing nearly 50% of the total.
The report said net written premiums also increased by 67% to $5.58 billion in 2022, compared to $3.33 billion in 2021, “indicating a continued increase in risk retention by Bermuda cyber policy writers as cyber models continue to develop”.
“Further, a few prominent players consisting of 15 commercial insurers, compared to 13 in 2021, comprised 80% of the overall GWP for both years, with at least $100 million in GWP written each year,” the report added.
Loss ratios also appeared to have improved significantly, with an overall loss ratio of 22% in 2022 compared to 37% in 2021. This was comparable to the decrease in the global cyber loss ratio from 43% to 68% previously, likely driven by both increases in premium rates and lower losses reported during the year.
The Bermuda captive insurance sector also experienced steady growth, with cyber GWP increasing by 14% to $172 million in 2022, coupled with an increase in the number of captive insurers offering cyber policies.
However, the report noted that the vast majority of the business continued to be written by one captive insurer.
In terms of risks from systemic losses, the report said: “On the aggregate, the market is generally resilient in terms of capital levels after applying post-cyber stress scenarios.”
However, it said re/insurers needed to ensure their capital buffers were sufficient to cover worst case scenarios, with some companies expected to fall behind their enhanced capital requirement ratios.
Insurers also reported improvements in the number of companies who did not have exclusions in place for non-cyber policies. The BMA said it had provided further clarification, guidance and practical examples pertaining to the implementation of the guidelines that were issued in the previous year. Beginning January 1, 2024, companies were required to explicitly state within their policies whether cyber triggers are covered in non-cyber policies.
The report also said Bermuda-based ILS vehicles issued a total of $670 million of aggregate insurance protection in cyber-specific ILS in 2023, which provided critical additional capacity to meet the rising demand for cyber insurance protection.
The report said Bermuda plays an important role in the global cyber insurance market, which was valued at $13.5 billion in 2023 and is projected to grow to $120.47 billion by 2032, exhibiting a 24.5% compounded annual growth rate, according to Fortune Business Insights. However, while the cyber insurance market grows in value, cybercrime is also estimated to cost between $6 to 10 trillion annually, dwarfing the size of insurance coverage in place, according to CyberCube.
“A substantial portion of the global cyber insurance premiums is either ceded to Bermuda-based reinsurers or consolidated into a Bermuda group or a large Bermuda commercial insurer,” the report said. “Bermuda is also home to the greatest number of cyber captives as well as large Insurance-Linked Securities (ILS) vehicles. This provides reinsurance capacity to traditional insurers to cover their own risk and enables cyber insurance coverage for large-scale and systemic cyber events.
“In consideration of this, the Authority continues to view cyber risk as a critical risk that requires ongoing review and a tailored approach in implementing its regulatory and supervisory frameworks.”
Did you get value from this story? Sign up to our free daily newsletters and get stories like this sent straight to your inbox.