Between renewals: Navigating cyber reinsurance over the short and long term

Lydia LaSalata, global head of cyber at Axis Re, offers her insight into what the cyber reinsurance market saw at recent renewals, expectations and challenges for upcoming renewals and why the market should be focusing on the long term.

Key themes from recent renewals

Q1 2024 cyber reinsurance renewals have been largely focused on the continuation of dynamics that surfaced in 2023. At the 2023 mid-year renewals, a few concerning signals became more pronounced in the cyber market including signs of rate softening alongside a noticeable uptick in ransomware events.

These dynamics continued through the 1 January renewals as rates continued to decrease, despite the increase in ransomware events. Even with these challenges, cedants were sometimes looking to retain more net, in part due to their views on rate adequacy. This impacted the overall demand for proportional reinsurance against a healthy supply from reinsurers. In parallel, we observed continued interest in event covers as well, which can help address some of the volatility inherent with cyber.

As we approach the mid-year renewals the market will be grappling with similar uncertainties, albeit potentially tempered by expected rate stability in H2 2024. Fundamentals including partner selection and alignment of interests remain critical to success for reinsurers navigating these complexities. For (re)insurers, remaining cognisant of the volatility that is inherent in a rapidly changing threat landscape continues to be essential.

Upcoming renewals and geographic diversification

While not the spectacle of the 1 January renewals, there is a significant amount of cyber reinsurance business that trades in the middle of the year. This renewal season offers insights into the dynamics of the cyber market beyond the US, as well as the strategies of larger carriers and their approach to specialty lines.

We recognise cybercrime and ransomware incidents don’t affect all geographic regions equally, so we expect treaty terms to reflect the diverse market conditions and underlying portfolio. The impacts of the high-profile ransomware attacks or events that re-emerged last year, such as the Cl0p-backed MOVEit breach and the attacks on MGM and Caesars Entertainment, were largely limited to the US markets. So, while reinsurers, and in particular those that write international business, might be in a defensive position following 1.1, the upcoming renewal season offers a chance to leverage the varied cyber appetite in other regions.

In addition to Japanese exposures, the upcoming renewals also cater to many other international clients. For some, ransomware hasn’t necessarily been the thorn it has been for their US counterparts, which is reflected in the cyber performance for geographically diverse portfolios.

Broader geographic diversity can be an attractive aspect of portfolio management and particularly pronounced in some of the mid-year renewals. It will be important to tap into the local market knowledge of insurers to monitor their underwriting strategies and risk appetites with the goal of making informed decisions and providing value to clients.

Beyond 2024

A vital part of a reinsurer's value proposition is their ability to follow the fortunes of market cycles. In the case of the upcoming renewals, the cyber market will demonstrate how well reinsurers can react to a cyclical threat landscape depending on the resources they have at hand. In the long term, however, the view is less certain.

We can track ransomware attacks and anticipate their impact on the market on an almost real-time basis. The claims are visible, creating a truncated tail that can be addressed more quickly through a changing rate environment. Ultimately, however, cyber also carries long-tail risk and while it is subject to market cycles and evolving threat landscapes, it doesn’t exist in a vacuum. As important as it is for reinsurers to anticipate and react to shifting market trends, we also need to recognise the longer time horizon.

For customers and reinsurers, the topic du jour is privacy and what the upcoming regulatory changes are going to mean for them. With the most significant updates expected from the Biometric Information Privacy Act and similar legislation along with Securities and Exchange Commission filing requirements, most eyes are turned to the US on the issue of privacy. From this, we can draw two things.

First, now that there is a requirement to disclose material breaches within days of their occurrence, there is an opportunity for the worlds of D&O and the cyber market to become better connected. Historically, D&O claims related to cyber breaches and corresponding stock drops have been dismissed, but the new disclosure requirement is almost certain to attract plaintiffs, bringing data breaches and their subsequent disclosure directly under the remit of both D&O and cyber teams.

With many carriers writing both lines, this could pave the way for better collaboration between internal teams. With more coordination and input from each line of business, reinsurers can ultimately help better inform clients, highlighting the value of broader underwriting perspective and specialised teams.

Secondly, as much as everyone is anticipating changes in the US, legislative cycles are not equal across the world. Take the EU, for example, where despite the GDPR, the cyber market remains underpenetrated, and ransomware has been less of an issue (or even unpayable).

For global specialist reinsurers like Axis Re, the value of localised teams goes beyond the ability to respond well between renewal periods. It offers an opportunity for reinsurers to elevate service by providing foresight and broad knowledge of long-term trends. One that is not limited to a high-level understanding of the variations of risks appearing in claims bordereaux or market chatter, but a real-time understanding of risks, locations, and appetites that can only be delivered by the right people in each geographic setting.