The cyber insurance market is undergoing significant changes, driven by the increasing scale and sophistication of cyberattacks worldwide. The Bermuda Monetary Authority’s (BMA) 2023 Bermuda Cyber Underwriting Report highlights how emerging technologies, such as generative AI, heighten cyber risks by enabling more sophisticated and targeted attacks. This shift has fueled a surge in demand for cyber insurance products across various industries, especially among small and medium-sized enterprises (SMEs).
The report outlines key statistics and findings from the BMA’s analysis of 2022 annual filings for commercial insurers, insurance groups, and limited-purpose (re)insurers in Bermuda. According to the report, the global cyber insurance market, valued at $13.5 billion in 2023, is projected to grow to $120.47 billion by 2032. However, the estimated cost of cybercrime, between $6 to $10 trillion annually, far exceeds the insurance coverage in place.
Our takeaway follows: You can read the whole report here.
Bermuda’s Role in Cyber Insurance
Bermuda, a leading global reinsurance hub, is critical in providing capacity for cyber insurance risks. A substantial portion of global cyber insurance premiums is ceded to Bermuda-based reinsurers or consolidated into Bermuda groups or large commercial insurers. Bermuda also hosts the largest number of cyber captives and substantial Insurance-Linked Securities (ILS) vehicles, which provide reinsurance capacity to traditional insurers and enable coverage for large-scale and systemic cyber events.
The BMA prioritizes cyber risk as a critical area that requires ongoing review and a tailored approach to its regulatory and supervisory frameworks. In 2022, commercial insurers in Bermuda reported a total cyber insurance Gross Written Premium (GWP) of $7.75 billion, marking a 63.7% increase from the previous year’s $4.73 billion. Cyber insurance policies surged from 200,000 in 2021 to 500,000 in 2022. Reinsurance policies dominate the market, accounting for 58% of the overall distribution in GWP, with direct and package policies also showing significant growth.
Geographical Distribution and Market Dynamics
Geographically, the United States leads in the number of policies written, accounting for 49% in 2022, up from 45% in 2021. It is followed by worldwide covers (20%), the United Kingdom (14%), and Canada (12%). Incurred losses remained stable at $1.2 billion in 2022, with reinsurance policies contributing nearly 50% of the total. The overall loss ratio improved significantly, dropping from 37% in 2021 to 22% in 2022, likely due to increased premium rates and lower losses reported during the year.
The Bermuda captive insurance sector also saw steady growth, with cyber GWP increasing by 14% to $172 million in 2022, alongside an increase in the number of captive insurers offering cyber policies. Captive insurers, particularly Class 3 insurers, accounted for 62% of the total captive GWP in 2022, up from 43% in 2021. The captive sector continues to play a crucial role in managing cyber insurance risk by offering tailored risk management solutions, cost efficiencies, and enhanced control over claims and coverage.
Stress Scenarios and Regulatory Enhancements
The report presents the results of a stress testing exercise required by the BMA as part of the 2022 year-end regulatory filings, comparing outcomes between company-specific stress tests and the BMA’s prescribed Cyber Worst Case Scenarios (CWCS). The market is generally resilient in terms of capital levels after applying post-cyber stress scenarios, though some insurers are expected to fall below their Enhanced Capital Requirement (ECR) ratio. This highlights the need for insurers to monitor and enhance their capital buffers to manage this risk effectively.
The BMA designed three prescribed cyber stress scenarios in 2022 to enhance market analysis, including a major cloud outage, a widespread malicious software attack, and a large-scale data breach. Results indicate increased losses for each scenario, with ransomware presenting the highest increase in 2022. The BMA emphasizes the need for insurers to explicitly state whether cyber triggers are covered in non-cyber policies, starting January 2024, to ensure policyholders have clarity on coverage for cyber exposure.
The Growing Cyber ILS Sector
The cyber Insurance-Linked Securities (ILS) sector in Bermuda shows significant potential for growth. In 2023, Bermuda-based ILS vehicles issued $670 million in aggregate insurance protection for cyber-specific ILS, providing additional capacity to meet the rising demand for cyber insurance. The development of this sector is critical for offering adequate coverage against increasingly sophisticated and frequent cyber threats.
Companies are encouraged to review their compliance with the Insurance Sector Operational Cyber Code of Conduct and refer to the 2023 Operational Cyber Risk Management Report to address any deficiencies and improve their governance and risk management frameworks. The BMA recognizes the importance of enhancing its regulatory and supervisory frameworks as the cyber threat landscape evolves.
Addressing the Cyber Protection Gap
Bermuda’s pivotal role in covering a substantial portion of the cyber protection gap within the global cyber insurance landscape is highlighted in the report. Out of the total $13.5 billion global cyber GWP in 2022, $7.5 billion was written by Bermuda groups and commercial insurers, while $172 million was written by the captive sector in Bermuda. Additionally, the ILS sector provided $670 million in coverage through cyber-specific ILS issuances in 2023.
The BMA’s framework has encouraged the creation of new cyber insurance products to address current and emerging threats across industries. Despite these advancements, a significant cyber insurance coverage gap remains, estimated at $900 billion, comparable to the gaps in natural catastrophes, healthcare, and pensions.
Future Steps and Enhancements
To strengthen the resilience of the Bermuda market against cyber risks, the BMA will implement several enhancements for the 2024 year-end filings. These include completing stress/scenario testing exercises mandatory for all groups and commercial insurers, enhancing CISSA and GSSA reviews, and issuing a new guidance note on cyber underwriting. The BMA aims to maintain a robust regulatory framework through a consultative approach, regularly engaging with industry stakeholders, cybersecurity firms, modeling firms, and rating agencies.
Conclusion
The BMA’s 2023 report underscores Bermuda’s crucial role in the global cyber insurance market. The BMA remains committed to refining its regulatory frameworks as cyber threats evolve to ensure a resilient and sustainable market. Through collaboration with industry stakeholders and continuous monitoring of emerging technologies like generative AI, the BMA is poised to address the growing cyber protection gap and support the development of innovative solutions in the cyber insurance landscape.
Source: Bermuda Cyber Underwriting Report.
Other News: CISA says SonicWall bug being exploited as experts warn of ransomware gang use.