Opportunities in Cyber

As a line of business, cyber insurance seems to have many legs.

Once considered a threat to information and technology-based businesses, cyber liability is now considered a risk to any business. From healthcare to government agencies to small businesses and beyond, cyber risk is broadening in both scope and impact.

In response, the cyber insurance market also is widening. According to The Betterley Report, premium volume figures for cyber are tough to pin down, but its analysis puts annual gross written premium at close to $4 billion as of June 2017 – a significant increase over the 2016 total of $3.25 billion.

That figure surprised even the author of the report, as premium rates for cyber remain low. Businesses that have experienced a cyber event know full well the reasons for such interest in cyber insurance. According to the 2017 NetDilligence Cyber Claims Study, companies with less than $50 million in revenue accounted for 47% of cyber claims. The average total cost of a breach was $394,000.

For cyber insurers, business is booming. So says John Coletti, chief underwriting officer of North America Cyber business for AXA XL, who notes that the fast-paced growth in the market is highlighted in a Munich Re report that predicts a doubling of the cyber insurance market by 2020. “According to the report, companies could more than double their cyber insurance spending from $3.4 billion to $4 billion annual in 2017 to $8 billion to $9 billion by 2020,” he says.

Betty Shepherd, divisional senior vice president for Great American Insurance Group Cyber, says that, despite the crowded market, new capacity is entering the space at a “fairly consistent pace. The market is yet to have consistency in terms of policy language, and we are still working on obtaining actuarially sound data from a pricing perspective.”

With approximately 75 insurers in the cyber market, Coletti says coverage is comprehensive and extends to business interruption and contingent business interruption, with broadened triggers for system failure as well as cyber extortion and ransomware, media liability, coverage for regulatory investigations and associated fines or penalities, and coverage for PCI (Payment Card Industry) fines and/or penalties.

Insurers, he says, also are giving insureds access to breach response teams, consulting resources, and risk management services to build prevention strategies. “For small to mid-sized companies, which may not have comprehensive information security teams, access to the value-added prevention and response services provided by cyber insurance can be as valuable as the coverage itself,” says Coletti.

Whether a business is small, mid-sized, or large, Shepherd says there’s no lack of product. “There is a multitude of innovative and creative product offerings in the market today, and some newer entrants are looking to sell technology along with the insurance contract,” she comments.

As for competition, Tim Francis, enterprise cyber lead at Travelers, says there’s plenty of it, but there’s also plenty of growth opportunity because of what he says is a large number of companies that still are not protected. That opportunity, he adds, is fueling the increasing number of coverage options.

Those options, according to Jeremy Barnett, senior vice president of marketing and business development for NAS Insurance, now include exposures such as bodily injury, property damage, more devices and systems, and more comprehensive IT services. Even so, pricing is not expected to increase. “Given the number of new underwriters and carriers in the cyber market, there has been constant downward pressure on premiums, even as the coverage and services grow,” Barnett says.

Others also point to an influx of carriers that are looking to gain a foothold in the space. “We are seeing a number of new entrants into the cyber market, and they continue to keep the market very competitive from a price and coverage standpoint,” says Ellie Feldman, managing director at Wingman Insurance. “2018 has continued the trend of expanding coverage offerings, particularly in the small business space. New to the market has been an emphasis by both customers and carriers on pre- and post-breach services and risk management offerings.”

Evan Fenaroli, cyber product manager at Philadelphia Insurance Companies, foresees a continuation of both the competition and the growth. “A lot of carriers view it as a way to grow top-line revenue, and as a result, pricing has been kept down and there’s a lot of capacity. On the other hand, it’s also been relatively profitable for carriers, so they’re trying to get into the space and trying to stay competitive by bringing pricing down or keeping it flat.”

Fenaroli sees a continuation of the crossover of traditional fidelity and stand-alone cyber coverages. Cyber carriers, he says, are including first-party losses that typically are covered under crime policies. “Because cyber crime is usually perpetrated electronically, cyber markets are adding it to their cyber policies.”

Claims Landscape

Cyber threats continue to evolve and grow in scope. According to the 2018 Hiscox Cyber Claims Report, the company saw a 1,700% increase in claims made against its cyber policies from 2013 to 2017 (global claim data). The report cited ransomware as the largest source of cyber-related claims for 2017.

Travelers’ Francis concurs. “Ransomware continues to be the leading cause of cyber-related claims that we receive. I wouldn’t say any specific job or customer type drives it; any company that uses technology in any aspect of its business – which is the vast majority – has exposure to a cyber event. The more reliant they are on technology, the greater the risk and consequences.”

The challenge for agents and brokers, Francis adds, is in how to identify the vulnerabilities and mitigate the risks effectively. Appropriate coverage, strengthening network security, and employee training can help, he says.

In fact, the human factor is what Coletti says is driving much of the ransomware claims. “Education of employees is of paramount importance,” he asserts. “By capitalizing on the proactive resources offered with many cyber insurance policies, companies can be better prepared to recognize a suspicious email and potentially thwart a ransomware claim and/or a business interruption loss.”

It’s a critical step in an atmosphere where ransom demands are higher and where cryptocurrency is the preferred ransom demand. Coletti says it’s important for companies to have a forensics provider on board to handle cryptocurrency ransom payments, particularly given the history of such ransom demands. “WannaCry and NotPetya infected hundreds of thousands of computers around the world in 2017 and led to approximately $4 billion in economic losses. And we’re only starting to see the class action potential. For instance, one healthcare records vendor was recently hit with a class action suit,” Coletti adds.

Such uncertainty seems to be keeping insurers in preparation mode, thinking of the potential attacks and ultimately the costs of a breach. From social engineering to ransomware to W-2 scams, Francis says cyber events are getting pricey. “Costs related to cyberattacks can easily exceed $10 million, sometimes more,” he says. “Even though there is always a chance for a company backed by even the strongest network to suffer a breach, implementing the appropriate safeguards with the help of an agent or broker might mean the difference.”

What those safeguards should be depends to a great extent on the particular industry, says Barnett. He cites healthcare as an example. “The largest driver of a cyber claim (according to NAS data) is employee negligence. While this is mostly related to accidental exposure of patient data, it also relates to employees clicking on links or downloading malware to computers that then cause siginificant interruptions or security breaches.”

Other industries, Barnett adds, are seeing automated ransomware attacks that are “wreaking havoc with businesses of all sizes. Of particular note, NAS has seen the continued impact of cybercrime on small to medium-sized business where the average cost of a claim is now over $100,000.”

Among the top claim drivers Shepherd identifies are employee and vendor negligence, phishing, hacking, and lost or stolen devices. She suggests that agents and brokers inform clients about the common claim drivers they can expect. “Also important is educating clients on how to prevent and mitigate these drivers with data inventory and retention procedures, employee awareness programs, and contractual indemnification requirements for vendors,” she advises.

Citing plenty of analytical data that shows an increase in ransomware claims, Feldman says new customers are starting to recognize the need for coverage, and existing customers are pushing for better coverage and claim handling. “We are also seeing more business owners interested in educating employees on better cyber security practices to prevent these types of claims.”

Another loss driver, she says, is business interruption, and that’s a trend she expects to continue. “As claims handling processes continue to improve, the key for agents and brokers is to educate insureds on the importance of reporting problems early. To keep cyber claim costs down, the faster the carrier can deploy its resources, the lower the overall claim should be.”

As for what’s on the horizon, the Hiscox report reveals an increase in cryptojacking: a hacker breaches a computer system and then installs data mining software, often without being detected. One Symantec study reports cryptojacking instances were up by 8,500% as of the end of 2017.

Also, scams that involve employees transferring funds to an unauthorized third party seem to be trending upward, says Shepherd. As for how insurance is responding, Shepherd says agents and brokers should keep an eye on legal trends. “There have been some recent court decisions surrounding whether this type of loss is covered by the computer fraud coverage found under a crime policy (e.g. Medidata and American Tooling Center).”

Advice for Agents and Brokers

Despite increased cyberattacks, agents and brokers are challenged to persuade clients to take the threat seriously. “one of the biggest hurdles to selling cyber continues to be that many companies do not see the risk to them,” says Feldman.

She suggests that agents and brokers use industry data on claims, breaches, and market trends for the client’s industry to induce it to buy cyber coverage. “Further, agents who ask insureds: ‘Would you know whom to call in the event of a data breach?’ can emphasize the value added to a cyber policy by having breach coaches, claims departments, and pre-vetted vendors ready to be deployed at a moment’s notice to get a company back up and running as quickly as possible.”

That approach can be effective with businesses that are on the fence. So can having a solid understanding of the coverage and the carriers. “Every business will have unique exposures, so building good relationships with carriers that can protect those vulnerabilities becomes important,” says Francis.

It’s also important for agents and brokers to make cyber coverage part of the overall conversation with their clients. Fenaroli suggests getting businesses used to the idea of cyber coverage as part of their insurance lineup. “Get the cyber coverage as a line item on the client’s risk management or insurance budget. Once the client has had the coverage for one year, the agent can push for higher limits or expanded coverage because cyber risk is now on the business’s radar.”

Because cyber risk encompasses so many different exposures, Shepherd says agents and brokers need to keep in mind that one cyber policy does not fit all. “Agents need to be aware of a client’s cyber risk exposures as well as which policy will help to transfer most of those risks and should use a specialty wholesale broker when needed.”

Coletti says that cyber liability insurance is no longer a nice-to-have coverage but instead is a must-have coverage. “A knowledgeable cyber insurance broker can help companies identify what specific coverages should be purchased and tailor a policy that will address their unique exposures.”

Article By: Lori Widmer

Source: Rough Notes