'Staggering, concerning': Aon says ransomware now 'truly weaponised'

Ransomware is now “truly weaponised” and this year and next are likely to be the first consecutive years of hardening conditions in cyber insurance after a “notable acceleration” in the pace of price increases in recent months, with insurers suggesting 20-40% rate increases for 2021, Aon says.

The cyber risk and insurance market landscape has “unmistakably changed”, Aon’s new Cyber Insurance Market Insights report says, noting cyber crime is now reported to be the fastest growing form of crime in the US with predictions it will be more profitable than the global trade of all major illegal drugs combined this year, at a cost of $US2-$US6 trillion ($2.6-$7.8 trillion).

The new report says the Australian market, where gross written premium (GWP) has reached more than $US110 million ($142.95 million), is demonstrating “transitionary characteristics”, where cyber insurance adoption rates are increasing steadily but are not equivalent to the US, where GWP stands at $US4.4 billion ($5.72 billion).

“This is leading to a localised realignment (in Australia) of limits being deployed by insurers,” Aon says. “Some Australian insurers have carefully contracted the amount of capacity they will deploy, and in some instances, insurers have withdrawn from the class of insurance.”

The global cyber insurance market will grow from $US5.5 billion ($7.15 billion) last year to $US14 billion ($18.19 billion) in 2022, Aon predicts.

“Much will play out over the coming 12 months,” Aon says. “We have already seen some markets proactively restrict coverage around this topic for those organisations that cannot convince markets that their security programs adequately address ransomware risks.”

It calculates a 500% increase in average insured losses since the start of 2017 and reveals a 350% increase in Australian cyber incidents.

“The malware itself has been truly weaponised since its earlier versions,” Aon says.

Aon’s claims data shows ransomware attacks have increased in both severity and frequency and it says many insurers are forecasting changes to portfolios and possibly coverage as a result of associated losses.

“These types of incidents … are causing the market concern.”

The report describes the number of high-profile organisations impacted by cyber events as “now staggering” and says capacity has commenced a “slow but steady retraction globally and locally,” with some Lloyd's markets exiting the space entirely.

Many markets are reducing to maximum line sizes of $US10 million ($13 million), and in some instances half that.

“Underwriting insurer attitudes and underwriting practices are adapting to the velocity and impact of the risk environment,” Aon notes.

Globally, markets are looking to limit the capacity they will deploy. A number of smaller markets have withdrawn as they have an insufficient premium pool to manage a portfolio.

“Markets are increasingly empowered to walk away from an organisation that cannot adequately explain their security framework and security investment strategy, both historical and future, or to provide terms that are penal or designed to force improved risk management,” Aon says.

The massive compromise of Texas-based SolarWinds will play a critical role in cyber risk and insurance over the next few years, Aon says, and “may be considered one of the most devastating events in cyber history”.

The operation targeted US Federal Government networks, with hackers gaining entry via a tainted software update and able to monitor internal emails at top agencies in the US for months.

“The theft of investigative tools from a globally recognised cyber security and forensics firm, as part of the SolarWinds compromise, is likely to lead to improved hacking tools in the hands of cyber criminals,” Aon warns.

Another focus this year will be supply chain exposure, which will be increasingly scrutinised as insurers start to grapple more fully with ransomware.

“Supply chain exposures are critical to cyber markets as it speaks to a potentially unknown aggregation impact,” the report warns.

Increased working-from-home arrangements have provided an opportunity to exploit additional vulnerabilities in organisations’ security. This dynamic is “shifting at terrible speed”, with recent reports emerging of a $US50 million ($64.98 million) ransomware demand against a hardware/electronics company, Aon says.