Cyber threat actors' tactics, techniques, and procedures (TTPs) are constantly evolving, exposing cyber insurers to an ever-changing loss mix. The shifting claims environment requires insurers to regularly re-evaluate development patterns to accurately assess performance and rate adequacy.
In 2021, Gallagher Re released a whitepaper titled "Cyber IQ: Are Ransomware Claims Causing Over-Reserving?". The paper hypothesised that the transition from predominantly data breach losses to ransomware could accelerate claims development patterns, and the implications for reserving practices.
Since the release of the 2021 white paper, several developments have prompted us to revisit the topic:
- The Underwriting Years (UWY) impacted by ransomware have matured, providing us with additional data to re-test our hypothesis
- The emergence of double extortion tactics may have led to another shift in development patterns
- Prior year loss development (PYD) necessitates a reassessment of the suitability of development tail patterns
In this paper, we explore:
- History & theory: The key shifts in ransomware loss mix and the hypothesised impact on claims life cycle
- Analysis: Drawing on consolidated claims experience covering over $3 billion in Gross Written Premium (GWP) as of Q2 2024, Gallagher Re analyses whether the shifting claims mix is driving a change in development pattern
- Implications: How evolving loss trends affect development pattern selection by UWY, performance analysis, data collection and future reserving strategies
