Sompo sees good opportunity in US despite increase in “fickle capacity”

Sompo International believes it can grow both in the US and Europe, despite the capacity that has come into the market, according to Richard DePiero, who also suggests concerns about the increasingly long tail for cyber are overplayed for those focused on primary business.

In an interview with Cyber Risk Insurer, executive vice president and head of Sompo Pro DePiero said that the higher pricing pushed through in response to the initial wave of ransomware attacks has attracted capacity back into the cyber market.

“Now you've seen what one would say is maybe fickle capacity moving back in, so we've seen rate decreases over the past about a year or so. That has coincided, unfortunately, with frequency and some severity matters,” he said.

The executive is hopeful that the issues on the claims side will serve to stop the downward pressure on rates.

“I would say we probably need to be flat pretty soon. I would say for Q3 we're hoping and looking for flat,” he said.

However, DePiero noted that the rate situation is nuanced for different parts of the market. For primary business, which is a big focus for Sompo International in the US, rates are holding up better.

“But in high excess – which we've mostly pulled out of as we look to deploy capacity strategically down low – we've seen that rate not hold as well,” he said.

Sompo International pulled back from high excess business a few years ago, because the frequency of severe events was hitting those layers such that losses exceeded the premium received.

Discussing market conditions, DePiero said: “Overall, we still see opportunity and growth in the US.”

DePiero said that there is plenty of opportunity to grow in a sustainable manner, but with a strong focus on the underwriting process.

“When we look at the Sompo portfolio we do see a lot of opportunity in the small segment,” he said. “For us, that's a lot of social engineering exposure. So how do we underwrite that? How do we try to identify the risks that are more likely? Is it industry based? Is it email application? Are there certain emails which are more resilient that are automatically turned on for fraud detection and things like that?”

Like many of its peers, Sompo also sees growing opportunities in non-US business. It has made hires in the past year in the UK, Singapore, France and elsewhere in the EU.

“So becoming a global group and pushing our portfolio forward on all sides is very exciting,” he said. “We see ourselves as a global insurer, and not a Japanese insurer, that will continue to grow on both sides of the Atlantic and in Singapore.

“Our US book in cyber has grown a bit faster than the others but we see a lot of green space over in Europe and in Asia.”

DePiero said that some markets, such as those in Europe, are where the US was a decade ago, so the carrier has to be realistic about what it offers.

“So they [Sompo’s international cyber underwriters] may have to play initially a low excess or a broader relationship play on primary and build up. What we're not looking to do is go zero to 100. But should they be a material player in the market in short order with the leadership and infrastructure built over there? Absolutely,” he said.

Two buckets of claims

DePiero highlighted two different buckets of claims.

One is frequency claims, such as social engineering and funds transfer, which are typically sub-limited coverages.

“Those I would say are more paper cuts, but the more paper cuts you get there's a materiality level to it. With the ease and increase of the attacks, we expect to see that multiply manyfold, especially as you see things like ChatGPT, which can run campaigns,” he said.

The other bucket is larger severity losses from sophisticated threat actor groups. The two biggest of these types of losses last year were the casino claims.

“It does take a little while for those types of losses to move up through the towers to get paid. That's where I think you'll start seeing some of those big losses start hitting in short order, in some of those excess markets,” he said.

The overall claims situation is not settling down, DePiero said, but he did note more success in insureds not wanting to pay ransoms.

Tail shorter for carriers deploying down low

An issue that has increasingly come into focus this year is the long tail for some cyber-related exposures. Some reinsurers have pointed to liability exposures that can take as long as eight years to work through.

But DePiero pushed back on this notion, stating that this is not such an issue for cyber insurers playing low down in layers.

“Does cyber have a long tail? Well, tech E&S, which contains cyber, 99.9 percent of the time does have a tail, and I would not tell anyone it doesn't,” he said.

DePiero continued: “But there is a material difference in the tail of a low-attaching layer on cyber and a layer which attaches in the sky. Business interruption, certainly, if you're deploying high excess, that can take a couple of years to come through. I certainly agree with that.

“But if you're attaching down at the 10 x 20, 10 x 30, you know pretty soon. It might be a year. It might be two years. Maybe on high excess, it is close to six. But if you're deploying down low, I think that tail is a little shorter.”