Captive premium growth for cyber risk has accelerated by 263 percent in the past year, according to Aon.
“This significant growth rate has occurred within a context of increased capital investment in digital transformation ($1.5 trillion capex per year) and more financially material cyber security incidents (approximately $550bn in economic loss per year),” Aon said in its Cyber Captive Survey for 2019: Creating Value for the Cyber Risk Agenda.
The overall cyber insurance market is growing by 50 percent annually in gross written premiums, but the number of captives covering cyber risk has actually not increased significantly, Aon said. It found that only 3 percent of captives retain cyber risk, up from 2.5 percent, while there has been a 33 percent increase in the number of parent companies accessing cyber insurance coverage from traditional markets, up from 21 percent.
Nearly one in five (19 percent) of Aon managed captives offering cyber coverage have parent companies in the healthcare sector, making it the leading sector. Close behind was the energy sector, which has 15 percent of Aon managed captives with cyber coverage.
Other sectors were a long way behind, with 7 percent each having parents that were financial institutions, food and beverage and life sciences companies.
Overall, the number of captives retaining cyber exposure will expand to 34 percent by 2024, predicted Aon, based on the number of captive owners reporting the future direction of their risk financing strategies.
Aon research suggests captive premiums may only represent up to 10 percent of overall premium spend on cyber coverage.
Cyber insurance coverage provided by a captive is also increasingly likely to include protection not offered via the commercial marketplace, said Aon. According to research, 22 percent of captives currently writing cyber include coverage for liability associated with a bodily injury event, acknowledging the possibility that bodily injuries can arise as a result of a cyber specific incident, for example through the internet of things, virtual reality, autonomous vehicles, robotics or artificial intelligence.
The survey also found that most captive owners still have a relatively unsophisticated approach to retention, limits and premium determination.
“Bearing in mind the evolving risk and technology profiles across industry this is a somewhat surprising finding,” Aon said. It found that 7 percent of captives “are not applying a quantitative risk assessment approach to determine suitability of limits, retentions, and premiums.” This compares to 41 percent of companies “that employ a combination of scenario analysis and modelling to determine the most appropriate risk financing and transfer strategy for traditional enterprise risks.”
To improve penetration of cyber risk coverage, Aon recommended that companies integrate cyber risk into their broader risk management framework, with only 38 percent of risk teams currently responsible for assessing cyber risk, compared to 86 percent of IT teams.
Chief information security officers also need to make greater use of financial metrics when communicating with senior management, it said. More excess and reinsurance capacity should be made available for emergent intangible risks such as intellectual property, with has estimated global losses of more than $600m annually; reputation and brand and privacy regulations, Aon added.
Aon, Cyber risk, Captive insurance, North America, Global