Login Register Subscribe
Current Issue

Cyber insurers expand coverage, cut prices

Reprints

The cyber insurance business is robust, with healthy competition, broader coverages and more capacity, experts say.

Furthermore, with no major recent data breaches, rates are going down in at least some cases by as much as 5% after a period of hardening rates resulting from well-publicized data breaches.

There is generally around $400 million in capacity available, they say, although larger towers are being created.

Experts also note that new entrants in the market, which include Lloyd’s of London syndicates, domestic and Bermuda insurers, and managing general agencies, often enter the market at the excess layers, which is relatively more competitive than the primary layers.

Business interruption coverage, while presenting some challenging underwriting issues, is readily available, while there is more interest in offering coverage for cyber-related property and casualty losses, or the internet of things.

The segment continues to attract new buyers, with little if any naïve capacity, most experts say. In general, the coverage remains heavily manuscripted and is expected to remain so for the foreseeable future.

The market continues to be robust, with a “tremendous amount” of investment dollars going to cyber-related insurance as well as cyber analytics, cyber data and cyber security, said Shawn Ram, San Francisco-based executive managing director, Western regional manager and national technology practice leader at Crystal & Company.

“After a couple of years of some volatility in terms of rates and capacity, there is now a lot of stability,” said Christian Hoffman, national practice leader of Aon Risk Solutions’ financial services group in New York, although pricing is “fact-specific,” he said.

“We’re seeing decreases in some areas, but they are decreases against a hardening we saw a couple of years ago,” which was driven by data breaches, said Robert Parisi, managing director and national cyber product leader at Marsh L.L.C. in New York. “It still hasn’t softened back to what it was five, six years ago,” but clients are getting broader coverage, he said.

“There’s a lot of pressure on smaller businesses and medium-sized business for sure,” said Adam Cottini, managing director of insurance and risk management in North America at Arthur J. Gallagher & Co. in New York. “On the larger-sized business, there is some rate pressure, but not for every class of business.”

Capacity is readily available, particularly for large buyers, said Tim Francis, Hartford, Connecticutbased president and enterprise cyber lead at Travelers Cos. Inc., adding that “$50 million is becoming $100 million, and $100 million is becoming $200 million.”

Typically, insurers are willing to deploy no more than $10 million in capacity at a time, said Emily Lowe, Boston-based vice president, FINEX North America for Willis Towers Watson P.L.C. A total of $350 million to $400 million in capacity is readily available, said Ms. Lowe, who added that she has seen $500 million programs as well.

There is little naïve capacity, say most experts. Insurers who want to deploy capacity, but do not have the talent or aptitude to do so, are partnering with insurers that are well-versed and understand the business, Mr. Cottini said.

“No one is coming in and aggressively writing primary for the average market,” said Dena Cusick, Charlotte, North Carolina-based national technology, privacy and network risk practice leader at Wells Fargo Insurance Services USA Inc.’s professional risk practice.

However, Ben Beeson, Washington-based cyber risk practice leader at Lockton Cos. L.L.C., said the large amount of capital that has come into the market this year “may raise an eyebrow to some people because there’s still a lack of actuarial data and still a big problem to be resolved” with respect to risk aggregation and “how best to tackle that.”

“Some might argue that we’re in a bit of a bubble again” and that a major loss will lead to a correction, Mr. Beeson said.

Meanwhile, this year is the first “that the market really started to understand that our clients are facing cyber risk issues broader than data,” including the internet of things, which gives rise to broader consequences, including bodily injury and property damage, said Mr. Beeson. For instance, a cyber attack using internet-connected devices led to dozens of major websites becoming unavailable last month.

Experts say they expect the coverage to remain largely manuscripted, at least for the near term.

Dave Molitano, Boston-based senior vice president and a cyber liability underwriter for OneBeacon Insurance Group Ltd., said he can foresee terms and conditions becoming more standardized, but “everyone using the same form is a long way off.”

“There’s still a lot of manuscripting. I don’t think that’s going to go away,” Mr. Parisi said.

But enhancements first negotiated for large risks are now filtering down and becoming standard coverages in the middle market and Main Street types of risk, he said.

There are also now many first-time buyers from a growing number of different industries, and it is less common to hear of household names that do not have the coverage, said Travelers’ Mr. Francis.