Ransomware is returning with a vengeance: Coalition's Ram

The cyber market is undergoing a growth spurt, according to Shawn Ram (pictured), Coalition’s head of insurance.

Speaking to Insurance Day, Ram says “the year of the breach”, which was the main characteristic of the cyber market a decade ago, was replaced with concern about funds transfer fraud. Today, the hot topic is ransomware, which increased tremendously during the pandemic.

“For actuaries, ransomware is very different from breaches,” Ram says. “Historically, a breach would mean all kinds of work for lawyers and jurisdictions, potentially resulting in a class action lawsuit. It was this long movement to ensure a payment. With ransomware, threat actors demand payment within a few days. That means a full-limit claim occurs in a week, whereas a breach would take months for that to process.”

For obvious reasons, ransomware attacks emanating from Russia and Ukraine subsided somewhat last year, just as re/insurers expected they would. As the war between those two nations has continued, Ram says these cyber threat groups have been “redirected towards driving profit” and ransomware is returning.

It is expected to increase this year, he adds, with an inevitable hardening impact on cyber re/insurance rates.

Ram says: “Cyber hardened over the past two years and, as rates got to a point where they were believed to be sufficient, new capital entered the marketplace and appetite to write cyber grew. As a result, rates have begun to soften again in the past one to two quarters.

“What’s interesting is now ransomware is coming back and its frequency and severity are increasing, I expect rates to moderate and even to increase in the coming quarters.”

Initially launched in 2017 as a managing general agent (MGA) that specifically targeted small to medium-sized enterprises – a market traditionally underserved by cyber insurers – Coalition has had its own series of growth spurts.

It has offered excess-of-loss cyber products in the US since 2020 and Canada since 2021. In September 2022, it launched in the UK and, the following month, it announced the formation of Ferian Re, an independent Bermuda-based reinsurer that will provide capacity across Coalition’s cyber programmes.

In January this year, Coalition launched its own admitted insurance carrier in the US – Coalition Insurance Company (CIC) – which Ram says will provide the cyber market with “as much capacity as needed”.

Two main issues

There are concerns, from a capacity standpoint, about two “very prolific” issues, Ram says.

The first one is systemic risk. “There’s a tremendous amount of disparity around beliefs regarding what systemic risk is, likely because we haven’t really had a systemic event in cyber. It’s hard to model and the beliefs about what it is, how big it would be and what impact that would have on the cyber insurance community are all open to debate,” Ram says.

“In insurance, when you don’t understand something really well, there’s high deviation and so the manner in which reinsurers and retail insurers price for that is quite broad.”

The second topic is Lloyd’s cyber war exclusion.

“With Lloyd’s putting that line in the sand and some carriers adopting it and others not adopting it, it’ll be interesting to see how that plays out,” Ram says.

There are parallels to be drawn between cyber risk and property risk, Ram says. In cyber, as in property, systemic risk (also known as catastrophic risk or aggregated risk) contrasts with attritional risk.

He says: “Attritional would be a risk that affects one customer – for example, a malware event with one customer impacted. A malware event where many customers are impacted is systemic or catastrophic. With property, that would be the difference between having a fire that impacts one home and a hurricane that impacts an entire city.”

As re/insurers and brokers learn more about cyber risk, this product will break out into different types of lines. “Some of that’s happening already, if you split the world into standalone cyber policies and packaged cyber policies,” Ram says.

“Rather than package cyber with property/casualty, companies recognise there’s more value in purchasing a standalone cyber policy. There are still tens if not hundreds of thousands of cyber endorsements added to policies, but with the increasing desire to purchase standalone policies, you’re seeing a lot of additions to cyber. It’s common to purchase technology errors and omissions alongside cyber; it’s common to purchase miscellaneous professional liability with cyber. The potential evolution occurring in cyber is where you have an attritional cyber policy and a catastrophe cyber policy in larger markets.”

Thanks to the “disparity” regarding catastrophic risk, investors are very interested in cyber, Ram continues. “At Coalition, we’ve raised more than $700m, so we are one example of the evidence of that point.”

Technology and cyber

Last month, Coalition launched the next generation of its cyber risk management platform, Coalition Control. The platform combines cyber risk monitoring, assessment and quantification tools with third-party risk management and assistance powered by artifical intelligence (AI) to provide what Ram says is “unparalleled risk management capabilities to organisations of all sizes”.

In terms of technological developments on the horizon, Ram says everything boils down to data.

“When you bring a large data set to a problem, large language models, AI, machine learning are all very useful tools in terms of analysing the quantity of information and making fact-based decisions to improve risk”
_{Shawn Ram
Coalition}

“There’s more data associated with managing cyber risks than ever before and I could argue there’s more data associated with cyber than any other product line because of how prominent and how vast the internet is – hundreds and hundreds of millions of IP addresses around the world, whether an IPv4 or IPv6.

“The ability to capture that data and use it is a tremendous advantage in cyber with respect to underwriting. However, the scale of the data is so significant I do believe current large language models will aid and help insurance companies better underwrite cyber and help policyholders better assess their cyber risk and manage against that.

“That is a tremendous opportunity: when you bring a large data set to a problem, large language models, AI, machine learning are all very useful tools in terms of analysing the quantity of information and making fact-based decisions to improve risk.”

Where next for growth

Ferian Re is capitalised with about $300m from an investor group led by funds managed by BDT Capital Partners.

Bermuda is an interesting cyber market, Ram says, and new capacity is expected to flow in there, “given where rates are at in cyber”.

“The nuance in Bermuda is some of the capacity there came from reinsurance carriers that brought in their appetite and were able to offer more capacity on re­insurance placements,” he adds.

Coalition’s focus as an MGA is writing premium directly to policyholders and brokers. It currently has 160,000 customers.

“We’re in the middle of our evolution,” Ram says. “Currently we write in the US, Canada and the UK, but we will expand geographies.”

Coalition began writing accounts of up to $5bn in revenue in February this year, up from its initial cap of $1bn.

CIC is a “really significant” part of the company’s evolution, Rams stresses. CIC, which received an A- rating from AM Best, expands Coalition’s available capacity in the cyber insurance market and enables its transition to a full-stack insurance organisation. “We’re writing directly on our own paper and wrapping up filings across all 50 states at the moment,” Ram says.

On Coalition’s growth target, Ram points to the “very interesting confluence of events” occurring at the moment. “Cyber is one of the most pervasive risks in society today and the epidemic of ransomware has certainly heightened visibility around cyber security, and cyber hygiene around the world and so more companies are aware of cyber-related risks today than ever before.

“Having said that, you have this interesting dynamic where, because of this heightened risk, prices have dramatically increased. Along with that, capacity has increased and so I think you have some companies that are debating the value of cyber products, given how expensive it’s become.”

Educate to grow

Ram does not believe the cyber market is yet at a point where capacity is sufficient to meet demand.

He says: “The nature of education needs to increase around cyber. The nature of how companies buy property insurance today should, I believe, coincide with the manner in which they buy cyber. In this digital age and the significance of technology use driving economic growth, most people believe their data and information are more valuable than their tangible property, yet we insure property far more significantly, so I think the trends around buying cyber will increase in a tremendous way.”

A big focus at Coalition is the value it provides outside the core insurance product, from a risk management standpoint. “This is critical for maintaining the growth cyber has had,” Ram says. “Cyber has been one of the fastest-growing products for years and I think that will continue, as long as we maintain the value in accordance with the demand.”