Who’s the best target for cyber cover?
Welcome to 2018! In this month’s National Underwriter Property & Casualty cover feature, I examine the state of the Cyber insurance market and shed some light on the ever-evolving threats to business that can be mitigated with the aid of brokers savvy enough to identify coverage gaps in existing policies — primarily, Property and Business Interruption.
Business interruption is of particular note when discussing one of the great untapped markets for Cyber coverage: small to midsized businesses. These potential clients present the single greatest opportunity for Cyber coverage, because they’re the ones who need it the most.
Related: 5 ways to talk to midsize businesses about cyber liability
Businesses of this size don’t have the IT and information security budgets or personnel of a major corporation, nor do they typically possess the risk management resources of a larger organization. At the same time, they’re the segment that is most economically vulnerable to a cyber attack. If their operations are shut down for a week because they’re locked out of their computer system in a ransomware or cryptolocker incident, that lost revenue could be crippling. Many businesses of this size simply wouldn’t survive a two-week shutdown.
Should those clients think their General Liability or Property policy covers those losses, well … that’s not always the case. “Silent Cyber” can come into play here, where such a loss can indeed be covered if a cyber-related event isn’t explicitly excluded in the policy language. (As always, your mileage may vary.) But even then, the limits within a Property policy may cover just a fraction of the actual loss if damages are high.
“We are a market-share competitor in this space, and our biggest competitor is self-insurance,” said Michael Palotay, chief underwriting officer for NAS Insurance Services in Encino, Calif. The challenge, he said, is explaining the value of a well-crafted Cyber policy to the client or prospect. When they see the potential loss as compared with the premium, it’s a slam-dunk.
Palotay added that retail and wholesale brokers are getting better at articulating that value proposition.
“There’s a desire to purchase if the premium is reasonable,” Adam Cottini, managing director of Gallagher’s Cyber Liability practice, told me. “What we fight an uphill battle on is education, and counteracting bad advisory.” He explained that there’s some misinformation out there for clients on what the coverages are. In the end, as in all policies, “there needs to be an affordable exchange for the risk involved, robust protections for a premium that’s commensurate for that risk.”
Related: Cyber insurance claims: What happens when a breach occurs
Greg Vernaci, AIG’s head of Cyber for the U.S. & Canada, was a featured speaker on a panel with me at ALM’s CyberSecure conference in Manhattan in December. He mentioned he’s seeing an increasing trend of small businesses wanting their vendors to contractually carry cyber insurance. A vendor that has cyber exposure isn’t one you want in your supply chain.
“Just because you’re small doesn’t mean that you’re not going to be targeted,” he said. “You are.”
Steve Anderson, vice president and product executive in Privacy & Network Security at QBE North America, agrees that midsize businesses present the largest market potential for growth. “Businesses outside of corporate organizations handle customer-payment data, use networks that aren’t always as safe, and if they had a breach, their business could be shut down,” he said.
“Those small business owners understand that to spend $5K to $10K on a $1 million policy is a smart move for them, and carriers are starting to give them applications that aren’t 20 pages long,” said Anderson. In terms of the preventive risk management services offered as part of the package, he added, “It’s a no-brainer.”
Speaking about the Cyber market more broadly, executives in this space remarked that competition is fierce, which in turn drives down rates and expands limits. With so many carriers fighting to write all the business they can in a market that hasn’t seen “the big one” yet but definitely will at some point, here’s hoping that their underwriting is as solid as they claim.
Shawn Moynihan is editor-in-chief of National Underwriter Property & Casualty. He can be reached at email@example.com.
The changing world of cyber liability insurance
Emerging cyber risks