The demand for stand-alone cyber insurance policies is “dramatically rising,” according to a new marketplace report from Willis.
Capacity is being reduced by some carriers, but limits available in the market are about $400 million.
As demand increases due to increasing awareness of the possibility of a cyberattack and its cost, and as capacity decreases somewhat, cyber renewals for primary coverage are up 10 percent, with larger increases for excess layers of coverage, said Willis in its 2015 Marketplace Realities Spring Update.
And businesses with point-of-sale system exposure can expect 10-125 percent increases in primary premiums as well as more expensive excess coverage due to claims hitting these layers. Breaches of POS systems at retailers, restaurants and hotel chains have dominated the headlines–with attacks at Target, Home Depot, Michaels, White Lodging, and PF Changs.
But for POS-linked companies, first-time buyers can still get favorable pricing and terms but not as friendly as before the insurance marketplace developed a firmer grasp on the potential for paid losses due to industries’ breach experiences.
Eleven of the top 15 largest breaches of all time occurred in 2014, Willis said. “In 2014, 761 unique cyber breaches led to theft or compromise of [more than 83 million] individual records. Preventable breaches continue to decrease, while breaches involving hackers/organized crime and rogue employees increased. As a result, claim severity has spiked dramatically.”
Turning to underwriting, Willis reported a demand for additional information from clients, including third-party security experts. Cloud exposure continues to be managed, with some doing so via policy language and aggregation of limits.
Looking through the rest of the report provides some additional insight into cyber demand. Most general liability policies are utilizing cyber exclusions to “clarify that if a cyber event triggers the GL policy, coverage will only apply to third-party bodily injury or third-party property damage claims.”
“These developing trends reinforce the value of broad, stand-alone cyber insurance coverage,” Willis said.
Cyber risks are also addressed in the report’s Directors & Officers portion, as cyber remains a key focus area of regulation and enforcement. Cyber is additionally mentioned in the Terrorism and Errors & Omissions sections. For E&O, Willis reported: “The market seems to be considering the effect of large data/privacy losses from the retail sector and other large technology losses. Higher quotes have been issued by some carriers, but the long-term effects of these events are still undecided. The losses have mainly affected cyber for the retail sector and the increases have been in the 15 percent to 20 percent range in lower layers of retail cyber towers.”