US cyber premium grew about 10% to $US2.03 billion ($2.92 billion) last year, slowing compared with the previous two years when expansion exceeded 30%.

Broker Aon’s latest US Cyber Market Update shows premium from package business grew modestly last year, up about 6%, while standalone cyber premium grew 14%.

Premium for small commercial cyber insurers grew 19%.

“The main cyber story of the 2018 financial year is, arguably, that there was a lack of a story,” Aon Reinsurance Solutions Head of Cyber Analytics Jon Laux said.

A relative bright spot was the small commercial market. Mr Laux says SME risks have been highly desirable for insurers, given cyber claims frequency and severity are both lower in this space.

The findings are based on 184 US insurers that reported direct cyber written premium to the National Association of Insurance Commissioners last year, up from 170 in 2017.

The report does not include US business written by non-US insurers.

“On the whole, cyber insurance was quite profitable for US insurers,” the report says.

The direct incurred industry loss ratio across all cyber policies was 35.4% last year, with standalone reporting 34.4% and package business 36.8%.

The study notes a shift towards higher-frequency and lower-severity claims, including increased activity in ransomware, crypto-jacking and form-jacking claims.

Loss ratios worsened modestly but remained lower than 2015/16 levels. The average claims frequency was 4.2 claims per 1000 policies, up from 3.5 in 2017. That more than offset a fall in claims severity to an average of $US50,401 ($72,578) from $US56,688 ($81,631) in 2017.

Premium per policy decreased slightly due to softening market conditions.

The US market became more concentrated last year, the report says, with the top five cyber insurers accounting for 53% of direct written premium, up from 51% a year earlier.