Cyber market maturity is on the horizon, but industry faces 'an inflection point' - Chubb's Kessler

By Erin Ayers, Front Page News

The cyber insurance market made significant headway in recent years, and now stands “at an inflection point” on its path to maturity, according to Michael Kessler, division president of global cyber risk for Chubb.

“It’s come a long way, certainly in the past three to four years and not just around coverage, but also around the services that are offered to policyholders as well as the realization around what prices should be for the coverage that’s being offered,” said Kessler in a recent interview with Front Page News

That said, cyber market pricing is currently “disconnected” from the level of risk in some cases, Kessler said.

“The number of headline cyberattacks, particularly on large businesses that we’ve seen during ‘23 and into 2024 are actually emblematic of a broader increase in cyber incidents across the spectrum that spiked up after the lull we saw in ’22,” he said. “So, the market pricing environment has become disconnected from that activity in certain pockets.”

Kessler predicted a pricing correction for the industry as insurers recognize the increased claim severity, as well as further refinement of the most valuable services the industry can offer their clients.

Reinsurance growth

While the primary cyber market is making progress, the cyber reinsurance market remains “in its early stages of maturity,” Kessler said, outlining some of the current challenges and potential solutions.

“Most of the reinsurance in the current market is a quota share, which is really emblematic of an early-stages market, not a late-stages market,” Kessler said, adding, “The entire industry could be more efficient by using excess-of-loss reinsurance.”

The next frontier? Encouraging cyber insureds to share more information about their systems and security posture to help “bridge gaps,” better understand what causes cyber events, and price more effectively, according to Kessler.

“The willingness will come more extensively as clients and brokers become more comfortable that the information they share won’t be used against them and will be used with great care,” he said, adding, “The ability to price in a more granular way can help toward mitigating volatility, but only if the rest of the market behaves in the same way.”

Kessler also urged an industry-wide return to minimum basic cybersecurity requirements. He emphasized the value of pairing claims history with effective cybersecurity controls, highlighting multi-factor authentication (MFA), monitoring endpoint protection, robust credentialing/privileged account management, phishing training, incident response planning, regular patching of vulnerabilities, and tapping into insurer-provided vulnerability monitoring and alerts.

There’s still a “great untapped market” for cyber, particularly for small and mid-sized enterprises, he said.

“It’s a very, very hyper competitive market and part of that is because everyone sees it as an opportunity,” said Kessler. “It’s one of the few property/casualty lines of business where there still so many that don’t buy the insurance and there’s an opportunity to grow that pie beyond what it is.”

Managing Editor Erin Ayers can be reached at erin.ayers@zywave.com