The Colonial Pipeline ransomware attack, which shut down 5500 miles of pipeline between Texas and New Jersey, has underscored for insurers the significant risks inherent in this line of business, AM Best says.

Insurers lacking the appropriate expertise, ability and controls for cyber insurance risks could be subject to losses outside their risk tolerance, and this may even jeopardise their credit ratings, AM Best says.

“Many insurers are now realising the significant risks inherent in this line of business,” AM Best says in a new report, Colonial Pipeline Attack Throws Spotlight on Cyber Insurance Market.

The Colonial incident, which resulted in gas shortages across the eastern states of the US, highlights the interconnectedness of cyber risk and the importance of cyber security to all business operations, the commentary says.

“The classifications of these events as terrorism, criminal activity or acts of war have different implications for insurance and will require guidance from government entities as clients and insurers navigate these cases,” AM Best director Sridhar Manyem said.

Premiums for standalone cyber policies grew more than 28% last year, reflecting price increases and more clarity on cyber underwriting factors.

In the US, annual premiums grew 19% on average from 2017-2020, while claims grew 38%.

AM Best says this disparity reflects “a steady increase in the sophistication of criminals’ ability to penetrate and disable networks”.

“While premiums in the $US2.7 billion ($3.47 billion) US cyber insurance market have seen healthy growth in recent years, an even greater increase in claims has overshadowed market growth,” the report says.

The escalation in ransomware attacks has forced insurers to re-think their underwriting practices, AM Best said, noting Axa Group recently decided to halt ransomware crime reimbursements in France.