15 MAY 2017 4:30 PM EST

Fitch Ratings-Chicago/London-15 May 2017: The slew of recent ransomware attacks in over 150 countries reveals the widening scope of corporations’ cyber risk exposures, which is likely to increase demand for related insurance protection, Fitch Ratings says. Insurers are in a unique position to assist customers in addressing the cyber threat. However, a cautious approach to adding cyber exposures is warranted as there is considerable uncertainty in pricing and underwriting this risk. Aggressive expansion by individual underwriters into the segment could be credit negative.

Tallying the costs from recent attacks will take time. However, growth in corporate anxiety from cyber-related threats amid regular reports of data breaches and other information system intrusions will spur demand for cyber protection and solutions including insurance protection. Furthermore, compliance with developing regulations will likely increase the demand for coverage.

Insurers are playing an expanded role in countering the cyber threat, utilizing traditional expertise in risk management and claims services. They are also gaining more technical expertise in cyber threat testing and prevention and post-event resolution through acquisitions or alliances with cyber security vendors. Cyber protection coverage, therefore, increasingly includes a service and advisory component, as well as insured loss limits.

Besides cyber extortion and ransomware attacks, cyber-related events may include systems hacking, data theft and denial of service attacks. These events may create economic losses from damage to systems and property, remediation costs, lost revenue due to business interruption and reputation damages. Hacking events can also generate third-party liability exposures triggered by errors and omissions or failure to protect data. Professional liability exposures, including potential claims against directors and officers for failing to manage risks and prevent cyber incidents, are also possible.

US insurers wrote approximately $1.3 billion in cyber coverage in 2016, and this market could grow more than tenfold to $14 billion by 2022. Leading writers of cyber risk include American International Group, Inc. XL Group Ltd and Chubb Limited. Many insurers have taken a cautious approach to introducing cyber coverage, particularly with regard to liability coverage. Underwriting experience relating to cyber coverage, as reported by insurers, has appeared relatively favorable for insurers in the past two years, but the market remains untested.

Insurers’ reluctance to write more cyber coverage lies with challenges in establishing actuarially robust pricing and coverage terms for cyber-related risks given still-limited data from historical claims losses. The evolving nature of events and uncertainty regarding the source and range of potential losses add further challenges. Premium growth in cyber products may also be dampened somewhat by contrasts between the coverage insurers are currently willing to offer and the policyholders’ perspective of the nature of their cyber risk and protection needs. Over time, these differences will likely converge as the market matures.

Given the scope of these challenges, we would view aggressive growth in stand-alone cyber coverage, or movement to high portfolio concentration in cyber, as negative for an insurer’s credit profile. Underwriting, pricing and reserving uncertainties would outweigh the potential earnings growth benefits. Controlled growth as part of a diversified portfolio, coupled with continually enhanced underwriting standards, would generally be neutral for the credit profile.

Contact:

James Auden
Managing Director
Insurance
+ 1 312 368-3146
Fitch Ratings, Inc.
70 West Madison Street
Chicago, IL

Gerry Glombicki
Director, Insurance
+1 312 606-2354

Simon Kennedy
Senior Analyst
Fitch Wire
+44 203 530 1387

Media Relations: Hannah James, New York, Tel: + 1 646 582 4947, Email: hannah.james@fitchratings.com.

The above article originally appeared as a post on the Fitch Wire credit market commentary page. The original article can be accessed at www.fitchratings.com. All opinions expressed are those of Fitch Ratings.

ALL FITCH CREDIT RATINGS ARE SUBJECT TO CERTAIN LIMITATIONS AND DISCLAIMERS. PLEASE READ THESE LIMITATIONS AND DISCLAIMERS BY FOLLOWING THIS LINK:HTTPS://WWW.FITCHRATINGS.COM/UNDERSTANDINGCREDITRATINGS. IN ADDITION, RATING DEFINITIONS AND THE TERMS OF USE OF SUCH RATINGS ARE AVAILABLE ON THE AGENCY’S PUBLIC WEB SITE AT WWW.FITCHRATINGS.COM. PUBLISHED RATINGS, CRITERIA, AND METHODOLOGIES ARE AVAILABLE FROM THIS SITE AT ALL TIMES. FITCH’S CODE OF CONDUCT, CONFIDENTIALITY, CONFLICTS OF INTEREST, AFFILIATE FIREWALL, COMPLIANCE, AND OTHER RELEVANT POLICIES AND PROCEDURES ARE ALSO AVAILABLE FROM THE CODE OF CONDUCT SECTION OF THIS SITE. DIRECTORS AND SHAREHOLDERS RELEVANT INTERESTS ARE AVAILABLE AT HTTPS://WWW.FITCHRATINGS.COM/SITE/REGULATORY. FITCH MAY HAVE PROVIDED ANOTHER PERMISSIBLE SERVICE TO THE RATED ENTITY OR ITS RELATED THIRD PARTIES. DETAILS OF THIS SERVICE FOR RATINGS FOR WHICH THE LEAD ANALYST IS BASED IN AN EU-REGISTERED ENTITY CAN BE FOUND ON THE ENTITY SUMMARY PAGE FOR THIS ISSUER ON THE FITCH WEBSITE.
Copyright © 2017 by Fitch Ratings, Inc., Fitch Ratings Ltd. and its subsidiaries. 33 Whitehall Street, NY, NY 10004. Telephone: 1-800-753-4824, (212) 908-0500. Fax: (212) 480-4435. Reproduction or retransmission in whole or in part is prohibited except by permission. All rights reserved. In issuing and maintaining its ratings and in making other reports (including forecast information), Fitch relies on factual information it receives from issuers and underwriters and from other sources Fitch believes to be credible. Fitch conducts a reasonable investigation of the factual information relied upon by it in accordance with its ratings methodology, and obtains reasonable verification of that information from independent sources, to the extent such sources are available for a given security or in a given jurisdiction. The manner of Fitch’s factual investigation and the scope of the third-party verification it obtains will vary depending on the nature of the rated security and its issuer, the requirements and practices in the jurisdiction in which the rated security is offered and sold and/or the issuer is located, the availability and nature of relevant public information, access to the management of the issuer and its advisers, the availability of pre-existing third-party verifications such as audit reports, agreed-upon procedures letters, appraisals, actuarial reports, engineering reports, legal opinions and other reports provided by third parties, the availability of independent and competent third- party verification sources with respect to the particular security or in the particular jurisdiction of the issuer, and a variety of other factors. Users of Fitch’s ratings and reports should understand that neither an enhanced factual investigation nor any third-party verification can ensure that all of the information Fitch relies on in connection with a rating or a report will be accurate and complete. Ultimately, the issuer and its advisers are responsible for the accuracy of the information they provide to Fitch and to the market in offering documents and other reports. In issuing its ratings and its reports, Fitch must rely on the work of experts, including independent auditors with respect to financial statements and attorneys with respect to legal and tax matters. Further, ratings and forecasts of financial and other information are inherently forward-looking and embody assumptions and predictions about future events that by their nature cannot be verified as facts. As a result, despite any verification of current facts, ratings and forecasts can be affected by future events or conditions that were not anticipated at the time a rating or forecast was issued or affirmed.
The information in this report is provided “as is” without any representation or warranty of any kind, and Fitch does not represent or warrant that the report or any of its contents will meet any of the requirements of a recipient of the report. A Fitch rating is an opinion as to the creditworthiness of a security. This opinion and reports made by Fitch are based on established criteria and methodologies that Fitch is continuously evaluating and updating. Therefore, ratings and reports are the collective work product of Fitch and no individual, or group of individuals, is solely responsible for a rating or a report. The rating does not address the risk of loss due to risks other than credit risk, unless such risk is specifically mentioned. Fitch is not engaged in the offer or sale of any security. All Fitch reports have shared authorship. Individuals identified in a Fitch report were involved in, but are not solely responsible for, the opinions stated therein. The individuals are named for contact purposes only. A report providing a Fitch rating is neither a prospectus nor a substitute for the information assembled, verified and presented to investors by the issuer and its agents in connection with the sale of the securities. Ratings may be changed or withdrawn at any time for any reason in the sole discretion of Fitch. Fitch does not provide investment advice of any sort. Ratings are not a recommendation to buy, sell, or hold any security. Ratings do not comment on the adequacy of market price, the suitability of any security for a particular investor, or the tax-exempt nature or taxability of payments made in respect to any security. Fitch receives fees from issuers, insurers, guarantors, other obligors, and underwriters for rating securities. Such fees generally vary from US$1,000 to US$750,000 (or the applicable currency equivalent) per issue. In certain cases, Fitch will rate all or a number of issues issued by a particular issuer, or insured or guaranteed by a particular insurer or guarantor, for a single annual fee. Such fees are expected to vary from US$10,000 to US$1,500,000 (or the applicable currency equivalent). The assignment, publication, or dissemination of a rating by Fitch shall not constitute a consent by Fitch to use its name as an expert in connection with any registration statement filed under the United States securities laws, the Financial Services and Markets Act of 2000 of the United Kingdom, or the securities laws of any particular jurisdiction. Due to the relative efficiency of electronic publishing and distribution, Fitch research may be available to electronic subscribers up to three days earlier than to print subscribers.
For Australia, New Zealand, Taiwan and South Korea only: Fitch Australia Pty Ltd holds an Australian financial services license (AFS license no. 337123) which authorizes it to provide credit ratings to wholesale clients only. Credit ratings information published by Fitch is not intended to be used by persons who are retail clients within the meaning of the Corporations Act 2001

______________________________________________________________________
Confidentiality Notice: The information contained in this e-mail and any attachment(s) is confidential and for the use of the addressee(s) only. If you are not the intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete this e-mail and any attachment(s) and notify us immediately. Unauthorized use, reliance, disclosure or copying of the contents of this e-mail and any attachment(s), or any similar action, is strictly prohibited. Fitch Ratings reserves the right, to the extent permitted by applicable law, to retain, monitor and intercept e-mail messages both to and from its systems.

This e-mail has been scanned by the MessageLabs Email Security System. For more information, please visit http://www.messagelabs.com/email.
______________________________________________________________________