Cyber renewals increase up to 10%; much more for point-of-sale exposure: Willis

By Chad Hemenway on April 16, 2015
WillisMarketplaceRealities2015

click for the full report

The demand for stand-alone cyber insurance policies is “dramatically rising,” according to a new marketplace report from Willis.

Capacity is being reduced by some carriers, but limits available in the market are about $400 million.

As demand increases due to increasing awareness of the possibility of a cyberattack and its cost, and as capacity decreases somewhat, cyber renewals for primary coverage are up 10 percent, with larger increases for excess layers of coverage, said Willis in its 2015 Marketplace Realities Spring Update.

And businesses with point-of-sale system exposure can expect 10-125 percent increases in primary premiums as well as more expensive excess coverage due to claims hitting these layers. Breaches of POS systems at retailers, restaurants and hotel chains have dominated the headlines–with attacks at Target, Home Depot, Michaels, White Lodging, and PF Changs.

But for POS-linked companies, first-time buyers can still get favorable pricing and terms but not as friendly as before the insurance marketplace developed a firmer grasp on the potential for paid losses due to industries’ breach experiences.

Eleven of the top 15 largest breaches of all time occurred in 2014, Willis said. “In 2014, 761 unique cyber breaches led to theft or compromise of [more than 83 million] individual records. Preventable breaches continue to decrease, while breaches involving hackers/organized crime and rogue employees increased. As a result, claim severity has spiked dramatically.”

Turning to underwriting, Willis reported a demand for additional information from clients, including third-party security experts. Cloud exposure continues to be managed, with some doing so via policy language and aggregation of limits.

Looking through the rest of the report provides some additional insight into cyber demand. Most general liability policies are utilizing cyber exclusions to “clarify that if a cyber event triggers the GL policy, coverage will only apply to third-party bodily injury or third-party property damage claims.”

“These developing trends reinforce the value of broad, stand-alone cyber insurance coverage,” Willis said.

Cyber risks are also addressed in the report’s Directors & Officers portion, as cyber remains a key focus area of regulation and enforcement. Cyber is additionally mentioned in the Terrorism and Errors & Omissions sections. For E&O, Willis reported: “The market seems to be considering the effect of large data/privacy losses from the retail sector and other large technology losses. Higher quotes have been issued by some carriers, but the long-term effects of these events are still undecided. The losses have mainly affected cyber for the retail sector and the increases have been in the 15 percent to 20 percent range in lower layers of retail cyber towers.”

Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or [email protected].