Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Insurance market for cyber property risks is ripe with opportunity

Reprints

More insurers are covering the “Internet of things,” or damage to property created by cyber breaches and other issues that fall between traditional property and cyber coverage.

While just a handful do so so far, they include American International Group Inc., which last year introduced CyberEdge, enhanced cyber coverage that addresses gaps in property, casualty and other insurance where cyber-related exposures may be limited or even excluded.

There is about $300 to $350 million in capacity for such coverage, said Peter Foster, New York-based senior vice president of network security and privacy, media, tech professional and intellectual property at Willis North America Inc.

“It's fairly new, and it's looking to close that gap” between business interruption coverage under a property form and cyber policies, he said.

Not many insurers have entered the market so far, said Kevin Kalinich, Chicago-based global practice leader of cyber risk solutions at Aon Risk Solutions, which has been involved in this area. The market is developing slowly because many insurers separate their property, cyber and crime business, he said.

“We've had to break down the barriers” of this siloed approach. There is a need for such coverage when malware causes property damage, such as a remote-control truck hitting and injuring someone, Mr. Kalinich said.

Lacking 20 years of data on automated systems is another factor “that makes (insurers) a little bit hesitant if they have to take a leap of faith and use the best modeling they can” said Mr. Kalinich.

The market is developing, said Emily Freeman, Lockton Cos. L.L.C.'s San Francisco-based risk management cyber and professional liability specialist for the broker's global technology and privacy practice.

“I see that insurance is becoming more relevant to the large operational risks raised” by data breaches and computer networks, she said.

Insurers are moving toward covering cyber-related damage in the energy delivery and utility industries, which is somewhat unique in that there is not a “neat delineation” between the physical and the nonphysical, said J. Andrew Moss, a partner at Reed Smith L.L.P. in Chicago.

For example, he said, damage to an electrical utility's cyber system can lead to a fire.

“Traditional cyber liability coverage usually stops at the physical world. It's really designed to respond to risks in the intangible world,” Mr. Moss said.

Tracie Grella, New York-based head of professional liability of global financial lines, said AIG has not yet bound a CyberEdge policy, although it is “just about ready to.”

The insurer offers $100 million in capacity.

“We've had a lot of interest from clients, and quite a few submissions, but it's a very new way to look at things.” It “takes time for clients to get an understanding of what they currently have in place,” Ms. Grella said.

Laila Khudairi, London-based underwriter at the Tokio Marine Kiln Group Ltd., said the insurer offers $25 million in cyber-related damage coverage, with the deductible varying based on the client.

“The demand is increasing, but it's still relatively low because at times the property insurers will include the coverage,” she said of the coverage offered for about two years, primarily to utilities.

Rick Welsh, London-based head of cyber insurance at Aegis London, the U.K.-based subsidiary of energy industry mutual insurer Associated Electric & Gas Insurance Services Ltd., said Aegis also offers difference-in-conditions coverage for cyber-related property damage and has $50 million in capacity.

“It may be easier to address that exposure through some existing platforms as opposed to introducing a new product,” said John Coletti, New York based head of XL Group P.L.C.'s North American cyber and technology business.

“I think that's something that can be dealt with in a general liability offering, and even the existing cyber polices could be expanded, or language could be introduced on those policies to pick up Internet of things exposures,” Mr. Coletti said. “I don't see the need for a separate stand-alone policy.”

The need for a separate policy depends upon whether other types of coverage exclude cyber-related damage, said Timothy C. Francis, second vice president at Travelers Bond & Financial Products in Hartford, Connecticut.

Industry conversations on the topic are just beginning, he said.

Read Next