Widespread concern and awareness of cyber risks has prompted an uptick in the purchasing trends of cyber insurance, according to a new report from Marsh.
“Insureds in ever-larger numbers sought financial protection through insurance, buying coverage for losses from data breaches and due to business outages,” stated Marsh’s Robert Parisi and Thomas Reagan. “In 2014, the number of US-based Marsh clients purchasing standalone cyber insurance increased 32% over 2013. The cyber take-up rate — the percentage of existing Marsh financial and professional liability clients that purchased cyber insurance — rose to 16%. Early evidence in 2015 shows a continued acceleration in the demand for cyber insurance.”
Clients in the healthcare and education sectors tended to be the most frequent purchasers of cyber insurance, growing from 45 percent of clients in 2013 to 50 percent in 2014. The greatest year-over-year shift occurred in the hospitality and gaming industry, where buying habits jumped from 16 percent to 26 percent, Marsh reported. Hospitality and gaming clients are second-most likely to purchase cyber insurance, at 26 percent, followed by the services sector at 22 percent.
“Other areas that stood out in 2014 included the power and utilities sector, with 47% more clients buying standalone cyber coverage,” stated Parisi and Reagan. “Power and utilities companies frequently cite the risks and vulnerabilities associated with the use of supervisory control and data acquisition (SCADA) networks — which control remote equipment — and the cost of regulatory investigations as driving factors behind their cyber coverage purchases.”
Turning from “who” buys cyber insurance, Marsh examined the reasons why organizations might purchase it. Healthcare and education organizations are classic targets, maintaining wide databases of personal information as part of their businesses. Other organizations reported buying because of board requirements or to protect revenues from cyber-related business interruption. Marsh noted that insurers began offering broader coverage in 2014, including contingent business interruption and cyber-related physical damage and bodily injury coverages.
Cyber insurance prices and availability varied by industry in 2014, according to the report. Retailers and financial institutions, frequent targets for hackers, faced a tougher market. Higher losses meant higher renewal prices for many insureds, from an average of 5 percent to as high at 10 percent. Marsh said that clients in most industries could find limits at an aggregate of over $200 million – with more restrictions for retailers and banks. And all organizations looking to buy found more stringent underwriting in 2014.
“Insureds in the retail sector are being asked about their deployment of encryption and EMV (credit card) technology. And all insureds are now routinely asked whether they have formal incident response plans in place that outline procedures for protecting data and vendor networks and, more importantly, if such plans have been tested,” said Marsh.