We're sorry but your browser is not supported by Marsh.com

For the best experience, please upgrade to a supported browser:


Risk in Context

Do You Understand Cyber Insurance Coverage?

Posted by Robert Parisi April 23, 2015

Despite cyber risk’s high profile, a majority of risk executives are not confident that their companies understand how their insurance policies will respond to a cyber event, according to a survey conducted during a recent Marsh webcast.

Nearly 225 risk professionals reacted to the statement: “I’m confident that my organization fully understands how its insurance coverages will respond to losses from a cyber event.” The final tally showed:

  • 38% said true.
  • 49% said false.
  • 13% said they didn’t know.

Those in the “false” or “didn’t know” columns would be well-served to gain that understanding.


People tend to think “data breach” or “privacy event” when they hear “cyber insurance.” But it is much more than that: Cyber insurance is meant to address the risks a company has because it collects or handles confidential information and/or relies upon technology in its operations.

Let’s look at the current state of the three Cs of the cyber insurance markets in the second quarter of 2015:

Coverage remains strong, and continues to expand as carriers innovate on policy wordings and focus on new coverage grants.

Capacity is being reduced by some carriers, and others are exiting the market. But there are new entrants as well.  Overall, capacity is generally flat to slightly down.

Cost is somewhat volatile. We are seeing significant price increases for large buyers with significant volumes of personally identifiable information (PII), protected health information (PHI), and similar data, simply as a result of the catastrophic risk that insurers perceive them to be. Primary rates are increasing, but most of the challenge is in the excess layers. We have recently seen increases from last year’s rates of US$5,000 to US$10,000 per US$1 million of coverage to US$15,000 to US$20,000 per million.


Large buyers are being hit the hardest. For one thing, they have large exposure bases. They also buy the largest towers, so the rate increase effect is maximized due to the hardening excess pricing.

Rate volatility is likely to continue through the end of 2015 — barring unforeseen changes in conditions — as carriers attempt to digest recent claims and rebalance their portfolios. This is the type of information organizations should seek from their risk advisors to help them understand cyber insurance.

Listen to a replay of Marsh’s The New Reality of Risk webcast, A Framework for Managing Cyber Risk, to hear more of Bob Parisi’s comments.

Related to:  Cyber Risk

Robert Parisi

Robert Parisi is a managing director and National Practice Leader for Technology, Network Risk, and Telecommunications specialist in Marsh’s New York City headquarters. His current responsibilities include advising clients on issues related to intellectual property, technology, privacy, and cyber related risks as well as negotiating with the carriers on terms and conditions.