In an exclusive interview with Asia Insurance Post, Adam Peckman, Head of Cyber Solutions – Asia Pacific and Global Head of Cyber Risk Consulting – Cyber Solutions, Aon,speaks about the emerging trends in APAC Cyber Insurance markets

What is the size of Cyber market in Asia Pacific region? What is the kind of growth the Cyber market is witnessing in the region?

The global cyber insurance market is approximately USD 10-12bn in GWP. That’s based on analysis of the data from Fitch Ratings, the National Association of Insurance Commissioners (NAIC), and S&P Global Ratings.

The largest, most mature, and fastest growing of those markets is the US which accounts for approximately $5-6 billion of GWP and grew by 74% CAGR last year according to Aon’s analysis of NAIC data (see 2022 US Cyber Market Update).

The Asia Pacific region is approximately 10% of that global cyber insurance market and is characterised by varied growth and uptake in cyber insurance across the APAC geographies based on differing degrees of sophistication to cyber risk modelling, risk appetites, and insurance philosophies.

How the APAC market is managing the silent cyber?

Silent Cyber, or non-affirmative cyber, remains a key concern for many companies in the APAC market and is a topic our specialist brokers are proactively managing for clients.

These potential gaps in cover have resulted in damaging consequences for companies.

Examples of how Silent Cyber exists in many insurance programs include data centre exposures, bricking of automated manufacturing facilities, and compromised IP.

We advocate for our clients to adopt a data-driven approach to identifying silent cyber issues in their overall program. This includes Loss Scenario and Policy Stress Testing against the entire insurance portfolio including Property & Liability

What is the impact of Covid-19 on APAC Cyber market? Will it continue? Have Cyber premiums gone up in APAC regions in the last one year? How much it has risen?

In response to the onset of Covid-19 almost all companies in APAC brought forward significant investment in digital technology to overcome the unique operational challenges presented by lockdowns – including distributed workforces, supply chain disruptions, and disconnection from clients and marketplaces.

With two years of capital investment in connected devices, cloud computing, and remote workforce technology, occurring in the first two months of the pandemic (see World Economic Forum. Shaping the Future of Digital Economy and New Value Creation. 2022. Bloomberg. May. 2020) the digital ‘attack surface’ that bad actors could target of those companies grew exponentially.

Unfortunately, owing to the large attack surfaces and how quickly these technologies were deployed, according to the Aon Security Risk Report 2021 only 2 in 5 companies surveyed by Aon (see Aon Security Risk Report 2021 – CyQu data analysed by Aon) reported having sufficient risk management and security practices in place for this new digital reality. Subsequently in the two years following the pandemic, according to the Aon Cyber Market Update 2H 2022 ransomware attacks increased over 400% during
multiple times (Aon analysis of claims and incident data, see Aon Cyber Market Update 2H 2022).

With the worsening risk and incident landscape, we observed a hardening in the cyber insurance market. Globally, the average rate increase exceeded 100% on a YoY basis at various points during 2021. For the middle market segment, there were instances of rate increases exceeded 250% throughout 2021.

For companies in Asia Pacific, the 2020-21 hardening market cycle was particularly acute; given the relatively favourable pricing, lower retentions, and relaxed underwriting approach that was evident throughout the region.

However, with the frequency of cyber claims declining over 40% on a year-on-year basis (Aon analysis) we have observed the global cyber insurance market continuing to stabilise. Accordingly, it is anticipated that there will be a similar easing in conditions within the Asia Pacific market, albeit occurring at a lagging pace to the US and UK.

According to the Aon Cyber Market Update 2H 2022, we should see the APAC become more buyer-friendly than a year ago as new capacity becomes available and rate increases continue to stablise (see Aon Cyber Market Update 2H 2022) ) for companies that demonstrate appropriate risk management and security controls throughout underwriting diligence.

Do you think Asian Cyber markets need the support of ILS to manage the risks?

With the recent hardening in the cyber insurance market, Cyber Insurance Linked Securities products have been increasingly presented as part of the solution to the challenges of reduced insurer appetite and capacity, and a natural peril for the ILS industry to expand into.

However, there remains a number of challenges in structuring an ILS product for an individual cyber risk and successfully bringing that to market. Such as coverage definitions, data and analytics (particularly on aggregation risks), deal structure, and alignment of investor/fund appetite with corporate need.

Globally, the ILS market provided access to US97 billion in capital at the end of the first quarter (Aon 2022 ILS report) which equates to 15% of capital provided to the global reinsurance industry.

Whilst ILS deals for cyber risks have already occurred in the reinsurance format there still remains a number of challenges for APAC companies to leverage alternative capital for cyber risk transfer.

What are Aon’s Cyber agenda for the APAC region?

Aon’s Cyber Solutions business in APAC will continue to integrate our more conventional cyber broking proposition with our security advisory, security testing, incident response and cyber risk quantification capabilities across Singapore, Hong Kong, Japan, Australia and New Zealand.

With only two in five businesses in the region ready to navigate new exposures arising from the digital transformation that occurred following the onset of Covid-19, cyber risk cannot remain an IT risk. It requires an adaptive and ever-evolving enterprise-wide strategy.

In the APAC region, we are building these capabilities around our Cyber Loop model – to deliver more integrated solutions to meet the complex needs of clients.

An APAC-wide approach means our clients will receive holistic cyber solutions, which address pre- and post-incident, cyber security, risk transfer and incident response.

With this integrated portfolio of cyber capabilities, we will deliver the analysis, insights, and solutions across the region to empower our clients to build sustainable cyber resilience amid increasing volatility in APAC and globally.