Reinsurers to remain hungry for cyber at 1.1

The dynamic of abundant reinsurance capacity and less pressure on demand seen at mid-year is expected to continue heading into the 1 January renewals despite the impact of the CrowdStrike outage.

At the mid-year renewals brokers reported that strong cyber reinsurance capacity had allowed buyers to improve terms across all structures.

In a report on the mid-year renewals, Gallagher Re said that on proportional cyber reinsurance, which remains the optimal choice of cession structure for reinsurers, the “abnormally high cession percentages from 2022 of 50 percent-plus have come down year over year toward an average cession in the 40s”.

For proportional cover, Gallagher Re reported that ceding commissions increased 1 to 2.5 percent, while rival reinsurance broker Guy Carpenter said they were up 1.5 to 2 percent and that loss ratio caps pushed upward.

Guy Carpenter said that on aggregate excess of loss, “there was restructuring movement to either reduced attachment points with improved ROLs or attaching further out with much lower ROLs”.

The broker added that mid-year renewals saw ongoing interest in alternative structures including event-based covers, continuing a trend observed at 1 January.

Aon’s Reinsurance Market Dynamics July 2024 report had described a “transitioning market”.

The broker said that cyber renewals in the first half of 2024 “have consolidated the progress made at 1.1, as ample capacity and increased competition for cyber reinsurance led to improved outcomes for the majority of insurers”.

“The April and July renewals signalled further improvements in conditions for buyers and set the stage for a competitive reinsurance market looking ahead into 2025,” the report added.

Reinsurers “have appetite for cyber”

Looking ahead to the 1.1.2025 renewals, the trends seen at mid-year are expected to persist.

Talking to The Insurer, Guy Carpenter’s global co-head of cyber Anthony Cordonnier described the market as “still very positive” heading into the 1.1.2025 renewals.

“There's a lot of capacity around. Reinsurers have appetite for cyber and it is still a class that's seen as being attractive,” he said.

Some new players have entered the cyber reinsurance market and established reinsurers that were not major players in the space have ramped up their presence.

“I also think that there's less pressure on demand," Cordonnier said. "We’ve seen cession rates for quota share, for example, being either stable or sometimes marginally down. That's to a degree due to decreased demand but also supply has increased. So it doesn't actually have to increase by that much to create some pressure on prices just because of that.”

The biggest change since the 1 July renewals is the CrowdStrike outage, estimated by Guy Carpenter to have caused $300mn to $1bn in insured losses.

Cordonnier said that quota share reinsurers will take around a 40 percent share of the loss, based on the amount of proportional reinsurance being bought by cedants and consequently premium and losses flowing to reinsurers.

“With quota share reinsurance being the most prominent form of reinsurance still in cyber, we would expect reinsurers to take a share of those losses,” he said.

Cordonnier added that the loss from the outage was not large enough to hit excess-of-loss covers.

Overall, Cordonnier does not expect any major changes in reinsurance buying behaviour heading into 1.1.

“In proportional, I think we have reached a stage where buyers tend to be comfortable with what they're buying in terms of cessions. Some might flex up, some might flex down. Those treaties tend to be more long-term partnerships, so I am not expecting wholesale changes.”

For excess of loss, Cordonnier anticipates more event covers will be bought.

“We have had a few events,” he said. “Although we don’t expect a major impact from CrowdStrike, the profile of the event could indicate it could have been a much more costly event had it happened in a slightly different way – for example, if malicious acts were involved.

“I think that will matter to buyers, and I expect more discussions around event covers, which can materialise with new purchases or different purchases at 1.1.”

Cyber ILS issuance to continue to grow

The past year has also seen the emergence of a nascent cyber cat bond market, with $575mn of 144A issuance from four sponsors: Axis, Beazley, Swiss Re and Chubb. Observers expect this market to continue to grow.

In a report in August, AM Best said it believes that the CrowdStrike outage could bolster demand for cyber reinsurance coverage, and that cyber ILS will continue to play a part in providing that capacity.

“Demand for cyber coverage in the primary market is expected to increase, and the current primary market relies heavily on reinsurance,” the report said. “The need for cyber reinsurance capacity will continue to grow, as the primary market grows and the capacity sourced from the capital markets will become a more material component of cyber reinsurance towers.”

Talking to The Insurer, Jonathan Spry, CEO of Bermuda-UK cyber MGA and modelling firm Envelop Risk, said that cat bonds are not the only form of alternative capital that the cyber space needs.

“For me, the question isn't: what is the solution? The question is: what are you trying to solve? And what you're trying to solve is that, to allow cyber to grow in the way that we expect and hope it will, we will need additional capacity – alternative or third-party or capital markets capacity,” he said.

“We want to act as a bit of a hub for that. But that doesn't necessarily mean cat bonds, which make sense for some of those bigger primaries. That’s not really what we do as a reinsurer. We're much more UNL-based, structured deals and so on. And what I think we need to do is probably use the ILS interest to try and grow the retro market.”

Spry added that Envelop Risk would be “happy to write retro deals on behalf of the capital markets provider for some of our competitors” because it would be a win-win situation.

“I think this is just the beginning of a bigger ILS [sector for cyber],” he said. “We may see sidecars. We may see specific vehicles participating in ILWs. It is not just about the cat bond market.”

The Insurer revealed on 4 September that Howden Re has placed a cyber retro cover on behalf of Envelop SPA 1925, the dedicated cyber reinsurance special purpose arrangement at Lloyd’s set up by Envelop Risk earlier this year.

The cover enables the cyber reinsurance vehicle to protect both the excess of loss and quota share components of its portfolio in one placement.

Howden Re worked with Ariel Re and other markets to develop the structure, which has been designed to help meet capital requirements around the SPA’s main disaster scenarios.

Carriers eyeing 1.1 for signs of rate stabilisation

The underlying cyber insurance market has been softening in response to increased capacity and competition, as well as attractive loss ratios in the 40s in the past two years.

However, some believe that a spate of headline-grabbing events for the cyber market in the past 18 months, including CrowdStrike, could serve to stop the downward momentum on rates.

During a webinar hosted by Burns & Wilcox on 21 August, At-Bay’s head of cyber and tech E&O Michael Drummond commented: “I do think at the end of the year folks are going to be paying a lot more attention to cyber performance, particularly the frequency component of it, and how that is stacking up against rates.

“We'll have eyes on those 1.1 treaty renewals in the reinsurance world, and that should give an indication of what direction we expect the market to go.”

A big theme during last year was war exclusions. But some observers are hoping that this will be less of an issue heading into 2025.

Envelop Risk’s Spry commented: “For reinsurance, we're dealing with this slightly strange situation where we've been trying to move the discussion around risk away from the obsession the market had with war exclusions, which frankly was starting to drive us a little bit mad because we were never convinced that's where all of the risk was.

“We worried that maybe people were taking their eye off the ball when it came to all of the other risk vectors, and potentially exposed coverage areas in the insurance product, and therefore in the reinsurance outcome.”

Spry said that this worry has been followed by the CrowdStrike event, “which behaved exactly the way we thought it would”.

“We’ve been saying for years that you need to worry about non-malicious events, unintended outcomes, and a lack of checklist rigidity in the way that software is released and updated, including in the security stack. If anything, it is surprising that it wasn’t worse than it is looking,” he said.

Spry said the CrowdStrike event is not enough to lead to a hard market but suggested it will lead to risk-focused discussions that will be beneficial for the market.

“Maybe it slows down the temptation for some of the primaries in the US to continue to soften rates. The US market is definitely super competitive,” he said.

Guy Carpenter’s Cordonnier suggested that another topic during renewal discussions will be how the market can continue to grow, through being more relevant to small businesses and expanding beyond mature markets.

“That’s going to be a discussion and a challenge for the business just to reach the growth levels that we've all been enjoying for a long time,” he said. “Cyber still has a huge runway to grow. I think we're at the stage now where the entire market is assessing how to grow the business further. How do we reach new clients? How do we reach new industry verticals and new geographies?”