2021 was region’s “most challenging year yet for cyber insurance”, according to Aon Asia Market Review

Aon’s latest Asia Market Review highlights the region’s growing cyber threat. It notes that cyber insurance premiums and retentions increased sharply in 2021 while appetite and capacity saw a downturn. It was “the most challenging year yet for the cyber insurance market”.

Retentions, which have historically been low in Asia, almost uniformly increased for medium to large customers. Those able to tolerate more risk had better access to coverage and competition.

Information gathering for the underwriting process became significantly more intensive and time-consuming, with insurers unwilling to give rough indications of pricing without a comprehensive submission review.

Total limits purchased increased materially as insurers selectively deployed limited capacity despite increasing demand.

Exposure to ransomware was a key concern. Several markets introduced new questionnaires to better understand exposures or imposed co-insurance and sub-limits on ransomware-related losses.

Insurers call for proactive response

Ransomware preparedness, as well as response and recovery capabilities, have become crucial due to the increase in ransomware-related claims, notes Aon.

Customers can conduct ransomware simulations, where key stakeholders strategise difficult discussions around paying an extortion demand, as opposed to attempting to recover systems.

Customers should also identify the vendors they would engage should an incident occur and incorporate them into the simulations.

Looking ahead, the broker predicts that market conditions will remain challenging with no immediate or significant softening due to persisting global threats, although adjustments look set to be less severe than 2021.

Demand is expected to increase irrespective of challenging market conditions as customers across various industries recognise key risks and view their policies as essential.

Meanwhile, the impact of General Data Protection Regulation (GDPR)-like privacy laws in Asia may become more apparent due to robust enforcement measures.