BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

SEC guidelines drive renewed interest in cyber risk insurance coverage

SEC guidelines drive renewed interest in cyber risk insurance coverage

PHILADELPHIA—The U.S. Securities and Exchanges Commission's recently published guidelines regarding data security disclosure obligations are driving a renewed interest in cyber risk coverage among large, publicly traded firms, a panel of insurance industry experts said this week at the 2012 NetDiligence Cyber Risk and Privacy Liability Forum in Philadelphia.

Prior to last fall, many U.S.-based public companies eschewed the cyber insurance market, electing instead to use their ample reserve funding to self-insure themselves against first-party losses and liability claims stemming from a data breach.

That has begun to change since the October 2011 publication of the SEC's guidance on publicly traded firms' responsibilities to disclose to investors any material cyber risks or loss events, the panelists said.

“We thought this would be the year of middle market driving the growth,” Toby Merrill, a Philadelphia-based vp of professional risk at ACE USA, said during a conference panel discussion. “But since the SEC guidance came out, we're starting to see companies that you never thought would buy this coverage because they can financially support the risk seem to have an increased interest in the product.”

If the SEC's guidance isn't directly responsible for increased purchasing among large firms, it has at least increased awareness of cyber liability among boards of directors, panelists said.

“It either introduces a conversation that hadn't been happening at the board level, or it reinforces conversations that had already begun to take place,” said Shannon Groeber, vp of professional risk at Aon Risk Services Northeast Inc. “Companies are finding that even if they've never felt compelled to purchase this insurance, they need to at least go through their due diligence and make sure that they can justify why they're not going to carry the coverage.”


Panelists said purchasing among mid-market firms has been steady if not slowly ticking upward in the past year. In most cases, panelists said, the increasing visibility of breach events among their market peers was a significant factor in the purchase decision.

“The media does a lot of the awareness building, where middle-market companies can see other firms just like them in the newspapers getting hit with breaches,” said Tom Herendeen, vp of management and professional liability at Philadelphia Insurance Cos.

Looking two to three years into the future, panelists offered divergent predictions for the trajectory of the cyber risk marketplace. Paul Miskovich, underwriting strategy manager for technology, network security and privacy at AXIS PRO, a Berkeley Heights, N.J.-based division of AXIS Insurance Inc., said he expects insurers will begin migrating toward more consistent price points for cyber coverage as a clearer view of claims experience—particularly first-party losses—develops in the coming years.

“We'll start to look at these claims more in the way that we do a property loss, where payment for the loss accrues very quickly, as opposed to liability claims,” he said. “That, perhaps, could lead us to a new development of a first-party-only product, but it will take awhile to develop the loss history.”

Other predictions were more optimistic for policyholders. Ms. Groeber said she believes competition among insurers for new clients, particularly mid-market firms, should bring about more favorable terms and conditions.

“I think we're going to see the markets abandon requirements to sublimit certain coverages, and start to embrace full policy limits for all insureds,” she said. “If the competition continues in the marketplace as it exists today, I think you'll see a push in that direction.”

Read Next

  • The House Cyber Bill

    H.R. 3523, which passed the House of Representatives April 26, would help the private sector defend itself from cyber threats, according to its sponsor, but has been threatened with a veto from the Obama Administration. Read the bill.