From: Captive Insurance Times

Despite the hardening market and capacity restrictions driving captives as an attractive risk management option for organisations’ cyber risk, sufficient and reliable cyber data for captive insurers remains severely lacking.

This is according to a new market segment report by A.M. Best, ‘US cyber: the hardest of the property and casualty markets’. The report finds that the cyber market continues to grow, citing a 75 per cent increase in direct premiums in 2021.

A.M. Best adds that ransomware attacks, aggregation risks and social engineering scams remain critical challenges for the insurance industry.

The report notes: “Given their flexibility, captive insurers can customise policies that can mitigate the growing threat of these attacks. As a result, parent organisations can more quickly assess the damage and devise a plan of action toward recovery.”

It adds that captives are being utilised as a strategic tool to provide cyber coverage, owing to proximity to the parent company — physically, culturally and enterprise-wide.

However, with the exception of risk retention groups (RRGs), captive insurers do not generally file with the National Association of Insurance Commissioners (NAIC). Statutory filings required on a jurisdictional basis do not tend to demand specific data for cyber programmes.

NAIC data for 2021 found that RRGs wrote around $19 million in cyber premiums with limited coverage, with some pure captives writing multi-million dollar limits and premiums.

The report identifies that many domiciles have shown interest in having captives provide the same level of detail as the NAIC cybersecurity and identity theft insurance coverage supplement to improve future transparency.

In addition, captives are using third-party technology and forensic cyber consultants to help with underwriting, as well as conduct regular monitoring of the parent’s cyber security policies, procedures and testing.