Wordings Advocate, Marsh
Due to the transitioning insurance market in the UK and other parts of the world, the insurance industry has seen pricing increase and more focus on policy coverage. In particular, new or revised exclusions have been applied to policies. This began in 2019 and was exacerbated by the COVID-19 pandemic and its potential impact on insurers' results.
Global commercial insurance pricing increased 22% in the fourth quarter of 2020, according to Marsh's Global Insurance Market Index—2020 Q4.
This was the thirteenth consecutive quarter in which pricing increased. The increase, the largest since the index was launched in 2012, follows year-on-year average increases of 20% in the third quarter and 19% in the second quarter. Although the global index increased 22%, the index shows that price increases may be starting to plateau for some lines of insurance in certain geographies. For example, property insurance and directors and officers (D&O) insurance pricing in the US shows signs of moderating, and similar trends can be seen in certain property and casualty lines in Continental Europe and Latin America and Caribbean (LAC). Regionally, Continental Europe, Asia, and LAC have now experienced moderate levels of price increases for three quarters.
Although regional markets are withdrawing from certain classes and occupancies, there is an increase in capacity in the London market, which can be accessed via a wholesale broker.
Cyber; communicable disease; and riot, strike, civil commotion, and malicious damage (RSCCMD) are all areas that insurers are reviewing, and in some cases restricting, the coverage provided by the "all risks" policy. Organisations that proactively engage with their broker and insurance markets on these three areas well ahead of any renewal date are in a better position to fully understand and, in some cases, mitigate the challenges these market conditions pose.
Below is a summary of how coverage of these perils has shifted, and will continue to shift, within all risks placements.
The London market has imposed more restrictive cyber exclusions on property policies since renewals at 1 January, 2020. This was driven by guidance from the UK insurers' regulator, the Prudential Regulation Authority (PRA).
The regulator's document (Supervisory Statement | SS4/17) raised concerns around non-affirmative or "silent" cyber risk, that is, cyber risk that is not explicitly covered or excluded in the policy. In particular, the regulator was concerned by the significant unquantified exposure of silent cyber, and the possibility that these risks were covered without appropriate premium and adequate capital provision. The regulator asked insurers to affirm the coverage by explicitly including or excluding cyber risk. The market has, as a result, opted to further restrict the coverage they will provide.
Previously, cover was provided by the NMA2914 and NMA2915 for fire and explosion as perils resulting from cyber risk. However, in response to the PRA's guidance, the Lloyd's Market Association (LMA) issued two new clauses — the LMA5400 and LMA5401. These exclusions split cyber risks into two categories, which materially affects the coverage provided. These clauses are not mandated by Lloyd's, although at the moment both Lloyd's and other London insurers are consistently applying these to all property placements.
The two categories referred to are malicious cyber acts and non-malicious cyber incidents. A "cyber incident" includes non-malicious events, such as errors in processing or failure to use a computer system. Meanwhile, a "cyber act" refers to unauthorised, malicious, or criminal acts, which would include actions by hackers. Due to the definition of "cyber act" used, there is potential for this to be interpreted to also include unauthorised acts by employees.
The LMA5400 provides no cover whatsoever for fire or explosion resulting from a malicious cyber act, which means that the LMA5400 is more restrictive on this point than the NMA2914 (which did not distinguish categories of cyber risk). However, the LMA5400 is intended to respond to fire or explosion that results from a cyber-incident.
Both the previous and new cyber exclusions also set out the valuation of media and the data contained on such media (where such media suffers physical damage). Whereas previously the NMA2914 provided cover for the reproduction of data (following insured damage) subject to a sub-limit, the LMA5400 is limited to the repair or replacement of the media and the cost of copying data from backups — with no reproduction costs. This is an additional limitation compared to the NMA2914, as reproducing or recreating data could be costly. Meanwhile, the clause LMA5401 is an absolute exclusion, with no cover for either cyber acts or cyber incidents and should be avoided whenever possible.
How much of a difference do these exclusions make in practice? Property policies only ever provided limited cyber cover, and were never intended to cover actual "cyber risks"; however, the NMA2914 was relied upon by insureds (particularly those with automated processes) for coverage of fire and/or explosion caused by a cyber event.
It's worth noting that on March 19, 2020, the LMA issued the LMA5426 (intended for use on power risks), which does include an additional buyback for machinery breakdown (in addition to the fire and explosion buyback contained in the LMA5400), which may open the door to discussions with insurers around applying this buyback to property all risks policies.
There is also the potential to explore standalone cyber risk cover, which goes beyond coverage of physical damage, although these policies can be expensive.
As a response to the global pandemic, the LMA issued several communicable disease exclusions in March 2020. These included the LMA5393, for use on property policies and issued on March 25, 2020, just two days after the UK is generally considered to have entered lockdown.
The LMA5393, along with other subsequently issued clauses, excludes all communicable disease, and threat or fear of communicable disease. What is concerning about the LMA5393, however, is the exclusion of losses "occurring concurrently...with communicable disease". Taken to extremes, this could be read to exclude every loss occurring during the current global pandemic. The LMA5397 (issued April 29, 2020) doesn't use the words "occurring concurrently with". Instead, the clause specifies that losses must result from or be contributed to (even indirectly) by a communicable disease. We believe that the absence of the words "occurring concurrently" in this clause (and other, later clauses) is beneficial as it avoids the potential for an overzealous interpretation of this exclusion.
A more recent development is the release by an insurer of a clause that explicitly states that listed property damage perils are covered, although the clause still does not provide cover for communicable disease itself.
Many markets are using the LMA clauses, although some are using their own clauses, many of which have broader exclusionary language.
The global insurance market is seeing significant changes in how property insurers underwrite RSCCMD risks. The size, duration, and geographical spread of riots in recent years – particularly in Chile, Hong Kong, and parts of the US – have shown vulnerabilities to existing underwriting models.
In territories such as Hong Kong and Chile, insurers are imposing exclusions for these perils in the all risks market. This philosophy is spreading to many other parts of Latin America. In other geographies, insurers' approach is more specific to risk and industry/occupation, but exclusions or sub-limits for such perils may be imposed depending on the territory of the risk, the location of the property, and, in some cases, on the insurers' underwriting philosophy.
Standalone coverage is available for these perils within the political violence market, although insureds should work with their broker to understand how a PV policy would work together with their all risks policy. In particular, care needs to be taken to understand (and where possible, minimise) any coverage gaps/grey areas between the all risks policy and the PV policy, in order to avoid disputes and/or delays in claims settlement.
PV policies operate on a named perils basis, so care needs to be taken to avoid any potential gaps between the all risks and PV policies. For example, the PV policy may define "malicious damage" as damage committed for "political, religious, ideological, or similar purposes." If markets exclude all malicious damage from the all risks policy, without linking this to the motivations mentioned above, there could be a gap in coverage. Petty vandalism is not carried out for ideological reasons, but may not be covered under the all risks policy if the malicious damage exclusion is too broad.
Additionally, under a PV policy, limits will be aggregated. Consideration needs to be given to any property damage and business interruption extensions – the PV market may be unable to mirror some of the coverages provided under the all risks policy. Also sub-limits and time/distance limits may be lower than those provided by an all risks policy.
In order to mitigate premium increases and successfully navigate a changing insurance market, we have worked with clients on the following key strategies:
Wordings Advocate, Marsh