A rise in ransomware claims has led to a doubling in US cyber premiums in five years while the margin for this cover “largely eroded,” Aon says.

The overall industry loss ratio in 2020 increased by 22 percentage points to 67% from a year earlier, even as direct written premiums in US cyber insurance rose by a fifth to $US2.74 billion ($3.54 billion) to be more than double 2016 levels, Aon’s annual cyber update, now in its sixth edition, says.

“As with many things in 2020, cyber insurance had a wild ride but this had little to do with COVID-19 and everything to do with ransomware,” Aon Head of Cyber Analytics for Reinsurance Solutions, and the report’s author, Jon Laux said.

“If anything, [these results] understate the increases that many have seen across the industry.”

The average claim size rose by more than half to $US74,354 ($96,132) on a 13% rise in incident response costs and extortion demands. However, claim frequency remained steady at an average 5.6 claims per 1000 policies.

Overall, insurers saw a modest rate increase averaging 2.5% and Mr Laux expects “significantly more” in next year’s numbers.

“Rates in 2019 were flat, and slightly negative in 2018, so compared with recent history this is a dramatic upward shift,” he said.

Loss ratios hit their highest since data collection began in 2015, rising to 72.8% for standalone cyber policies and 58.6% for package policies.

In total, 200 insurers reported writing some cyber premiums last year, with 91 writing more than $US1 million ($1.29 million) and 44 more than $US5 million ($6.47 million).

The top 10 cyber insurers accounted for 68% of direct written premiums, although the data used in the report did not include Managing General Agents (MGAs).

Aon says the numbers also represent a period prior to insurers taking significant steps to address ransomware trends, including rate increases and underwriting actions later in 2020 and early 2021.

“We know the industry is adapting to the new cyber environment, but it’s still too early to evaluate how we are doing,” Mr Laux said. “It’s clear what cyber insurers need to be doing, and we will discover over the next 1-2 years how effectively insurers have responded to the challenges.”

The next several years will be the “proving ground for the cyber insurance thesis,” Mr Laux says, which postulates that by putting a price on risk insurers will help reduce the cost of cyberattacks.

“Insurers are pursuing many interesting tactics to address the claims environment, even as we see new developments opening in the threat environment,” Mr Laux said. “It’s a fascinating time in the industry. Stay tuned.”