Skip to main content
Marsh logo

Article

Captive insurers provide alternative for cyber risk financing

Over the past few years, cyber insurance pricing experienced some of the highest increases of any product line, peaking at 133% in the US in December 2021.

Looking up Green forest. Trees with green Leaves, blue sky and sun light. Bottom view background
Person's name and title

By Robert Geraghty

International Captive Consulting and Sales Leader

02/28/2023 · 5-minute read

Over the past few years, cyber insurance pricing experienced some of the highest increases of any product line, peaking at 133% in the US in December 2021. Fortunately, cyber pricing increases have steadily moderated since, with global cyber pricing rising by 28% in the fourth quarter of 2022, compared to 53% in the prior quarter.

As pricing rose and terms and conditions became less favorable for most organisations, many began to explore alternatives to the commercial insurance market, including using captive insurance. The number of Marsh managed captives writing cyber coverage increased by 13% in 2021, and by 127% over the past five years. Primarily the growth comes in the form of single-parent captives and cells. In fact, between 2020 and 2021, 40% of new cell structures managed by Marsh wrote cyber coverage. Marsh now has more than $70 million in cyber premium under management.

The healthcare industry shows the highest use of captives for cyber risk, with 19% of the industry’s captives writing it. Other industries showing increased captive utilisation are financial institutions, retail/wholesale, manufacturing, and construction.

Using a captive to access cyber capacity

A business that sought cyber insurance in the commercial marketplace discovered the coverage it needed was difficult to obtain, as insurers had reduced capacity and raised deductibles. Facing higher costs to buy less cyber coverage than previously, the business turned to a cell.

The business opted to retain and self-fund both its program’s working layer and top layer via a cell in order to obtain the amount of cyber coverage it needed. This strategy enabled the business to buy more affordable commercial insurance for the middle layers, while ensuring an adequate amount of protection for its exposure. Use of the cell also provided a cushion to the business from future changes in insurance market conditions.

So why use a captive to insure cyber risk?

While it’s not a silver bullet, using a captive insurer provides organisations with flexibility and options for their cyber risk management strategy. For example, having cyber coverage in a captive allows them to pivot during or prior to a renewal in three key areas:
slected option

Helps reduce the total cost of risk by retaining an amount of cyber risk in the captive or protected cell. This reduces the reliance on third parties and captures costs and profits that are otherwise “leaked” to insurers. A captive can also be used to lower the cost of cyber liability by obtaining a high deductible cyber policy on the commercial market and “buying down” that deductible.

Creates extra capacity from the captive or cell that may be challenging to find in the traditional insurance market. Also, the captive can provide access to international reinsurers and specialty insurers, which potentially can introduce new capacity, greater competition, and better pricing for cyber risks that are costly to insure or are not typically covered.

Brings the potential to offer broader coverage. A captive can fill gaps in standard policy language, secure coverage for unique cyber risks, and consolidate cyber liability programs across operations.

Captives used to manage cyber risk in excess and primary layers

Many organisations that use a captive as part of their cyber risk management do so in the excess layers. Not only can they potentially fund a larger retention, but putting the excess layer into a captive can make the primary coverage more attractive to commercial insurers. Captives are proven to work on retention layers ranging from US$250,000 to US$200 million, according to Marsh proprietary benchmarking data.

If the primary layer is funded through a captive, commercial insurers in the excess layer(s) will scrutinise the terms and conditions they are following and will want to make sure that the captive’s financials are acceptable. You can also expect them to take a hard look at any third-party administrator (TPA) or claims adjustor that the captive uses.

In either case, excess or primary, a captive can be used to set aside funding for areas in which cyber losses are anticipated.

The captive may also be able to access terms and conditions for additional coverages that the commercial markets may look to exclude, such as ransomware events.

A business faced both large premium increases and a decreasing limit year-on-year despite never having submitted a cyber claim.

The business felt the increases, although market-wide, were unjustified for their program based on a 0% loss ratio. Through its existing captive, the company had built a strong surplus. Having a high risk appetite coupled with a desire to increase control of their coverage and cost, it decided to write cyber coverage in its entirety directly from their captive. With strong cyber risk management in place, the company believed it could significantly reduce costs over time by retaining this risk, while simultaneously diversifying the portfolio of risks retained by its captive.

Conclusion

The ongoing changes in technology and digitisation combined with the ability of cyber bad actors to keep pace means that cyber risk can be expected to be volatile for the foreseeable future. Using a captive insurer or cell as part of your cyber risk finance strategy can help set a steady course no matter the commercial market conditions.

For more information about using captives for cyber or other risks, contact your Marsh representative.

Related insights

Manager is using a laptop computer while analyzing the company's financial statements on the screen.

Podcast

Risk in Context Podcast: Captive benefits transcend company size or market cycle

02/13/2024
People meeting for business

Article

Captive insurance creates options for property market challenges

11/28/2023
Motion speed light trails on night street

Report

Benchmarking report: How does your industry sector utilise captives?

11/03/2023
3d render, abstract paper shapes background, bright colorful sliced layers, purple waves, hills, equalizer

Report

Captive insurer growth continues as advantages pique interest

07/03/2023
View more

This publication is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy. Marsh shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein. Marsh makes no representation or warranty concerning the application of policy wordings or the financial condition or solvency of insurers or re-insurers. Marsh makes no assurances regarding the availability, cost, or terms of insurance coverage. LCPA 23/065

Marsh Pty Ltd (ABN 86 004 651 512, AFSL 238983) (“Marsh”) arrange this insurance and is not the insurer. The Discretionary Trust Arrangement is issued by the Trustee, JLT Group Services Pty Ltd (ABN 26 004 485 214, AFSL 417964) (“JGS”). JGS is part of the Marsh group of companies. Any advice in relation to the Discretionary Trust Arrangement is provided by JLT Risk Solutions Pty Ltd (ABN 69 009 098 864, AFSL 226827) which is a related entity of Marsh. The cover provided by the Discretionary Trust Arrangement is subject to the Trustee’s discretion and/or the relevant policy terms, conditions and exclusions. This website contains general information, does not take into account your individual objectives, financial situation or needs and may not suit your personal circumstances. For full details of the terms, conditions and limitations of the covers and before making any decision about whether to acquire a product, refer to the specific policy wordings and/or Product Disclosure Statements available from JLT Risk Solutions on request. Full information can be found in the JLT Risk Solutions Financial Services Guide.”