Insurance Day is part of Maritime Intelligence

This site is operated by a business or businesses owned by Maritime Insights & Intelligence Limited, registered in England and Wales with company number 13831625 and address c/o Hackwood Secretaries Limited, One Silk Street, London EC2Y 8HQ, United Kingdom. Lloyd’s List Intelligence is a trading name of Maritime Insights & Intelligence Limited. Lloyd’s is the registered trademark of the Society Incorporated by the Lloyd’s Act 1871 by the name of Lloyd’s.

This copy is for your personal, non-commercial use. For high-quality copies or electronic reprints for distribution to colleagues or customers, please call UK support +44 (0)20 3377 3996 / APAC support at +65 6508 2430

Printed By


Ransomware is returning with a vengeance: Coalition's Ram

With ransomware attacks increasing in frequency and severity, cyber insurance rates may begin to harden again, Coalition’s Shawn Ram predicts

The cyber market is entering a new phase, with two areas of focus – systemic risk and the Lloyd’s cyber war exclusion – US-based managing general agent's head of insurance, Shawn Ram, says

The cyber market is undergoing a growth spurt, according to Shawn Ram (pictured), Coalition’s head of insurance.

Speaking to Insurance Day, Ram says “the year of the breach”, which was the main characteristic of the cyber market a decade ago, was replaced with concern about funds transfer fraud. Today, the hot topic is ransomware, which increased tremendously during the pandemic.

“For actuaries, ransomware is very different from breaches,” Ram says. “Historically, a breach would mean all kinds of work for lawyers and jurisdictions, potentially resulting in a class action lawsuit. It was this long movement to ensure a payment. With ransomware, threat actors demand payment within a few days. That means a full-limit claim occurs in a week, whereas a breach would take months for that to process.”

For obvious reasons, ransomware attacks emanating from Russia and Ukraine subsided somewhat last year, just as re/insurers expected they would. As the war between those two nations has continued, Ram says these cyber threat groups have been “redirected towards driving profit” and ransomware is returning.

It is expected to increase this year, he adds, with an inevitable hardening impact on cyber re/insurance rates.

Ram says: “Cyber hardened over the past two years and, as rates got to a point where they were believed to be sufficient, new capital entered the marketplace and appetite to write cyber grew. As a result, rates have begun to soften again in the past one to two quarters.

“What’s interesting is now ransomware is coming back and its frequency and severity are increasing, I expect rates to moderate and even to increase in the coming quarters.”

Initially launched in 2017 as a managing general agent (MGA) that specifically targeted small to medium-sized enterprises – a market traditionally underserved by cyber insurers – Coalition has had its own series of growth spurts.

It has offered excess-of-loss cyber products in the US since 2020 and Canada since 2021. In September 2022, it launched in the UK and, the following month, it announced the formation of Ferian Re, an independent Bermuda-based reinsurer that will provide capacity across Coalition’s cyber programmes.

In January this year, Coalition launched its own admitted insurance carrier in the US – Coalition Insurance Company (CIC) – which Ram says will provide the cyber market with “as much capacity as needed”.


Two main issues

There are concerns, from a capacity standpoint, about two “very prolific” issues, Ram says.

The first one is systemic risk. “There’s a tremendous amount of disparity around beliefs regarding what systemic risk is, likely because we haven’t really had a systemic event in cyber. It’s hard to model and the beliefs about what it is, how big it would be and what impact that would have on the cyber insurance community are all open to debate,” Ram says.

“In insurance, when you don’t understand something really well, there’s high deviation and so the manner in which reinsurers and retail insurers price for that is quite broad.”

The second topic is Lloyd’s cyber war exclusion.

“With Lloyd’s putting that line in the sand and some carriers adopting it and others not adopting it, it’ll be interesting to see how that plays out,” Ram says.

There are parallels to be drawn between cyber risk and property risk, Ram says. In cyber, as in property, systemic risk (also known as catastrophic risk or aggregated risk) contrasts with attritional risk.

He says: “Attritional would be a risk that affects one customer – for example, a malware event with one customer impacted. A malware event where many customers are impacted is systemic or catastrophic. With property, that would be the difference between having a fire that impacts one home and a hurricane that impacts an entire city.”

As re/insurers and brokers learn more about cyber risk, this product will break out into different types of lines. “Some of that’s happening already, if you split the world into standalone cyber policies and packaged cyber policies,” Ram says.

“Rather than package cyber with property/casualty, companies recognise there’s more value in purchasing a standalone cyber policy. There are still tens if not hundreds of thousands of cyber endorsements added to policies, but with the increasing desire to purchase standalone policies, you’re seeing a lot of additions to cyber. It’s common to purchase technology errors and omissions alongside cyber; it’s common to purchase miscellaneous professional liability with cyber. The potential evolution occurring in cyber is where you have an attritional cyber policy and a catastrophe cyber policy in larger markets.”

Thanks to the “disparity” regarding catastrophic risk, investors are very interested in cyber, Ram continues. “At Coalition, we’ve raised more than $700m, so we are one example of the evidence of that point.”


Technology and cyber

Last month, Coalition launched the next generation of its cyber risk management platform, Coalition Control. The platform combines cyber risk monitoring, assessment and quantification tools with third-party risk management and assistance powered by artifical intelligence (AI) to provide what Ram says is “unparalleled risk management capabilities to organisations of all sizes”.

In terms of technological developments on the horizon, Ram says everything boils down to data.

“When you bring a large data set to a problem, large language models, AI, machine learning are all very useful tools in terms of analysing the quantity of information and making fact-based decisions to improve risk”
Shawn Ram

“There’s more data associated with managing cyber risks than ever before and I could argue there’s more data associated with cyber than any other product line because of how prominent and how vast the internet is – hundreds and hundreds of millions of IP addresses around the world, whether an IPv4 or IPv6.

“The ability to capture that data and use it is a tremendous advantage in cyber with respect to underwriting. However, the scale of the data is so significant I do believe current large language models will aid and help insurance companies better underwrite cyber and help policyholders better assess their cyber risk and manage against that.

“That is a tremendous opportunity: when you bring a large data set to a problem, large language models, AI, machine learning are all very useful tools in terms of analysing the quantity of information and making fact-based decisions to improve risk.”


Where next for growth

Ferian Re is capitalised with about $300m from an investor group led by funds managed by BDT Capital Partners.

Bermuda is an interesting cyber market, Ram says, and new capacity is expected to flow in there, “given where rates are at in cyber”.

“The nuance in Bermuda is some of the capacity there came from reinsurance carriers that brought in their appetite and were able to offer more capacity on re­insurance placements,” he adds.

Coalition’s focus as an MGA is writing premium directly to policyholders and brokers. It currently has 160,000 customers.

“We’re in the middle of our evolution,” Ram says. “Currently we write in the US, Canada and the UK, but we will expand geographies.”

Coalition began writing accounts of up to $5bn in revenue in February this year, up from its initial cap of $1bn.

CIC is a “really significant” part of the company’s evolution, Rams stresses. CIC, which received an A- rating from AM Best, expands Coalition’s available capacity in the cyber insurance market and enables its transition to a full-stack insurance organisation. “We’re writing directly on our own paper and wrapping up filings across all 50 states at the moment,” Ram says.

On Coalition’s growth target, Ram points to the “very interesting confluence of events” occurring at the moment. “Cyber is one of the most pervasive risks in society today and the epidemic of ransomware has certainly heightened visibility around cyber security, and cyber hygiene around the world and so more companies are aware of cyber-related risks today than ever before.

“Having said that, you have this interesting dynamic where, because of this heightened risk, prices have dramatically increased. Along with that, capacity has increased and so I think you have some companies that are debating the value of cyber products, given how expensive it’s become.”


Educate to grow

Ram does not believe the cyber market is yet at a point where capacity is sufficient to meet demand.

He says: “The nature of education needs to increase around cyber. The nature of how companies buy property insurance today should, I believe, coincide with the manner in which they buy cyber. In this digital age and the significance of technology use driving economic growth, most people believe their data and information are more valuable than their tangible property, yet we insure property far more significantly, so I think the trends around buying cyber will increase in a tremendous way.”

A big focus at Coalition is the value it provides outside the core insurance product, from a risk management standpoint. “This is critical for maintaining the growth cyber has had,” Ram says. “Cyber has been one of the fastest-growing products for years and I think that will continue, as long as we maintain the value in accordance with the demand.”

Related Content





Ask The Analyst

Ask The Analyst - Ask Your Question Send your question to our team of expert analysts. You can: • Ask for background information on/explanation of articles in Insurance Day * • Find out more about our views on industry developments • Ask for an interpretation of market trends • Source supplementary data relating to articles • Request explanations to further your understanding of current issues (* This relates to any Insurance Day that is included as part of your subscription) We will do the research and get back to you personally with the information you need.

Your question has been successfully sent to the email address below and we will get back as soon as possible. my@email.address.

All fields are required.

Please make sure all fields are completed.

Please make sure you have filled out all fields

Please make sure you have filled out all fields

Please enter a valid e-mail address

Please enter a valid Phone Number

Ask your question to our analysts