More and more, data breaches are making mainstream headlines—from the massive breach at Target potentially affecting a third of the American population to the release of hundreds of thousands of personally identifiable information records from institutes of higher learning.
The cyber market is buzzing, with reports of increases in submissions for cyber coverage. Are these potential insurance customers driven by the recent news or is awareness just a part of the equation? And is the take-up rate for cyber coverage improving?
By all accounts there is an abundance of capacity, but how and where is it being deployed?
Advisen asked some leading insurance intermediaries these questions and more.
Have something to add? Email your comments to [email protected] and we will add them to the story.
Robert Parisi, senior vice president and technology, network risk, and telecommunications specialist, Marsh
Parisi said there anywhere from $300 million to $890 million in cyber insurance capacity in the marketplace from the US, London, Bermuda and reinsurers.
“The question is how this capacity will be doled out,” he said. Insurers typically limit coverage to $10 million to $15 million. Some carriers can go as high as offering $25 million limits. The result is the possibility of putting together an insurance tower providing $200-$300 million in coverage.
Right now, he said, “I’m not getting any doors slammed in my face. Markets have not been letting me down. Everything is potentially available out there.”
Primary layers of coverage are the most competitive. “There are a lot of markets fighting over that meat,” Parisi said. Rates remain flat overall, but there are some increases on the primary
New entrants into the cyber insurance marketplace are making an “intelligent play” by providing excess-layer coverage—hoping it doesn’t get cracked as it learns the ins-and-outs of the market.
Additional capacity in the higher layers is allowing more first-time buyers to purchase more limits, and return business to increase limits.
Not only are submissions up, but more clients are buying coverage. Recent news and regulation have increased the urgency of companies previously on the fence.
“The pace has quickened,” Parisi said. “I’m busy and happy.”
Christine Marciano, president, Cyber Data Risk Managers
Contractual obligations are driving many cyber insurance purchases, reports Marciano.
“Maybe companies still think what just happened to Target won’t happen to them but more and more business partners are making sure [contract partners] have coverage to help pay for the costs if something happens,” Marciano said.
Customers have gone from “window shopping to actually purchasing,” she added.
Advisen data shows the introduction of new cyber policies has sagged since a peak in 2009.
“While we did see many new carriers seeking ‘green’ and wanting a piece of the market through mid-2013, it’s my feeling that the players have leveled off a bit,” said Marciano. Other sources confirmed: there hasn’t been a steady stream of new cyber products into the marketplace compared to several years ago.
Marciano said more carriers are seeking market share, creating a competitive buyer’s market. Though it remains to be seen whether risks are priced appropriately, Marciano said she has “yet to see a client’s premium increase at renewal.”
“The carriers that price too low concern me [as they seek market share],” Marciano said. “You have to wonder what the client’s premium will be come renewal, especially if the insurer captures a decent share of the market.”
Most risks can be met with coverage but those associated with energy or virtual currency are harder to place.
There is plenty of capacity and increased competition “devoted to going after business” but a lot of companies are still not buying coverage, Palotay reported. Still, the take-up rate is improving.
Of those who are buying, the retail sector is seeing prices for coverage increase.
“We are increasing prices in all retail accounts we have right now, and getting the increases,” he said.
Palotay said NAS has received an increase in the rate of retail submissions and he reported double-digit growth.
NAS sees limits of up to $15 million offered by insurers and the MGU has many $1 million accounts. “We have a ton of those,” he said.
Palotay said the nature of competition in the marketplace can be likened to the employment practices liability market of the mid-90s.
“More and more come to the market until it is saturated and then it switches to a price war,” he said.
Insurers are not pricing for a large, catastrophic loss affecting many policies but insurers have begun to track how many policyholders use the same cloud provider in order to assemble some level of understanding on aggregates.
Christopher Keegan, national resource for cyber and E&O insurance coverage, Willis
A recent study from Willis concluded there are 86 players in the marketplace worldwide. The count includes different companies from the same insurance group.
Cyber insurance capacity, according to Keegan, exceeds $1 billion. Keegan said insurers limit coverage to $10-15 million—$25 million tops from a few carriers. Layers can be stacked to put together a $400-500 million program.
Competition for market share is fierce as the market’s understanding of the risk matures. More and more companies are “dipping a toe in.”
“If you don’t have the expertise at this stage, you may miss the wave,” he said of insurers sitting on the sidelines. Nevertheless, Keegan said some carriers consider it too early to enter the cyber market because there is not enough information.
Subsmissions are “absolutely” up since last year. “It has given us a lot more to do but we’re not complaining,” he said. Purchases are driven by news of breaches in retail, contractual obligations and government regulations or standards.
Higher education institutions and municipalities are tough cyber risk to place, he said.
Of the drop in new policies entering the market, Keegan said: “That seems right. It seemed like a few years ago you couldn’t turn around without a company asking us to look at a new policy.”
David Derigiotis, head of Professional Liability Center of Excellence and a cyber expert, Burns & Wilcox
Insurers are getting better are writing cyber risk and refining and enhancing forms.
Possibly as a result of greater knowledge at the insurer level, buying a policy is easier.
“Years ago you essentially had to be a CIO,” Derigiotis said. “Policies were engrained with technical talk. It is easier to communicate now, on both sides of the policy.”
Derigiotis said submissions are up and Burns & Wilcox has seen “increases in the binding ratio.” This includes a rise in first-time buyers, who can get a policy for as little as $500.
Recent data-breach news has certainly has an effect but Derigiotis would like to think some of the increase business is due to education. Derigiotis travels to teach classes in order to raise awareness.
On market competition, Derigiotis said, “There are still plenty of markets. You are competently able to place risk of any size.”
He said business, small to large, are buying more limits.