Notes From PLUS Cyber Symposium 2023

February 16, 2023

After recently joining the Professional Liability Underwriting Society (PLUS), TEKRiSQ attended our first PLUS Cyber Symposium this week in New York City. We found it to be an excellent event, filled with valuable insight covering the year behind us, the present trends and market changes, the expectations for the future sustainability of cyber insurance and the hopes & aspirations of of many of its key players.


The Great Correction

The overwhelming consensus is that the cyber insurance industry has survived (and perhaps began to thrive) the challenging, hardened market over the last two+ years, and now considers it a correction. This term was used repeatedly during the event by brokers, underwriters and industry veterans as a necessary adjustment in response to devastating ransomware claims, insufficient premium, limited capacity, low retention and overly broad coverage terms. Together, these that created somewhat of a perfect storm, which met the increased demand from insureds head-on.

Where are we headed in 2023?

We’re already seeing some downward pricing relief in the first month+ of the new year. While its not expected to dip too dramatically, the additional capacity coming into the market is likely to allow brokers and insureds to take advantage of the following;

  • Better deals on retention for insureds doing the right things
  • Higher limits during renewals for good risks at little additional cost

We are already beginning to see far more surgical underwriting, with insurers seeking more meaningful metrics proven to predict cyber risk upfront. We’re seeing less reliance on scans and more unique methods of assessing risk upfront, with models to better anticipate problem areas.

The following excerpt was taken from the PLUS event materials at the conclusion of the conference;

“expect the market stabilization seen in the second half of 2022 to continue into 2023. This is largely due to the decrease in median ransomware payments and implementation of better security controls by Insureds. Competition among cyber underwriters has increased as carriers shift their focus from book remediation to premium growth”

Some interesting things we overheard;
  • Marsh Cyber Analytics Team shared cyber risk prediction thoughts: Scan data offers 10% improvement
  • Major risks are found to be introduced through supply chain (70%)
  • Understanding cyber culture is becoming critical to underwriting.  The example given showed that not patching was correlated to a 5x increase in claims.  This was not attributed to patching per se but was indicative of a pure cyber culture.  (Marsh Scott Stransky)
  • Not all checkboxes on the apps have any correlation to claims.
  • Need a scalpel approach to assessing client cyber risk – one size fits all is no longer what underwriters want.
  • Quality control metrics, on going loss control are very important.  Underwriters really don’t like the once per year underwriting process but this can not change.  They are at a loss as to how to solve it.  (This is a major theme addressed by in TEKRiSQ’s CyberCertified process)
  • Business email compromise is growing from 25% to 36% of all cyber claims