12 May 2023Analysis

Marsh cyber report highlights increase in captives

Marsh’s latest US Cyber Purchasing Trends report has found that despite challenges within the US cyber insurance market over the last two years, the number of clients purchasing cyber insurance continued to climb, with the number of captives writing cyber coverage also rising.

The report said that in 2022 36% of Marsh’s US clients purchased cyber insurance compared to 33% in 2020.

Among other findings:

In 2022, Marsh’s US education clients had the highest take-up rate of cyber insurance than any other industry, at 60%, followed closely by healthcare at 56%.

Over the three years 2020 to 2022, Marsh’s US financial institutions and life sciences clients saw the largest change in cyber insurance take-up rates, both increasing by 20%.

The number of Marsh-managed captive insurers writing cyber coverage increased 75% from 2020 to 2022.

After slowing in 2022 compared to 2021, ransomware-related claims rose 77% in the first quarter of 2023 compared to the fourth quarter of 2022.

The number of privacy-related claims increased by 85% in first quarter 2023 compared to the fourth quarter of 2022.

Average US cyber rate increases continue to decline from December 2021 highs: 17.1% (Dec. 2022) vs. 133% (Dec. 2021)

Commenting on the report, Greg Eskins, US cyber product leader, said: “The increase in the number of organisations purchasing coverage is a positive trend, reinforcing the view that insurance is an important part of a holistic cyber risk management strategy. Buyer uncertainty still remains however – namely around war, cyber operations, and systemic/catastrophic risk exclusions – which we continue to tackle on behalf of clients. Cyber insurance products need to resonate most with those who invest in cyber insurance products to protect against strategic risks.”

“Captives have become an incredibly useful tool for organisations over the last couple years as they’ve grappled with difficult cyber market conditions,” said Ellen Charnley, president of Marsh Captive Solutions. “In some cases, organisations are funding portions of their cyber risk into a single parent captive such as a deductible or a self-insured retention, in other instances they are using a captive for quota share arrangements or to access reinsurance.”