Do You Understand Cyber Insurance Coverage?
Despite cyber risk’s high profile, a majority of risk executives are not confident that their companies understand how their insurance policies will respond to a cyber event, according to a survey conducted during a recent Marsh webcast.
Nearly 225 risk professionals reacted to the statement: “I’m confident that my organization fully understands how its insurance coverages will respond to losses from a cyber event.” The final tally showed:
- 38% said true.
- 49% said false.
- 13% said they didn’t know.
Those in the “false” or “didn’t know” columns would be well-served to gain that understanding.
COVERAGE, CAPACITY, AND COST
People tend to think “data breach” or “privacy event” when they hear “cyber insurance.” But it is much more than that: Cyber insurance is meant to address the risks a company has because it collects or handles confidential information and/or relies upon technology in its operations.
Let’s look at the current state of the three Cs of the cyber insurance markets in the second quarter of 2015:
Coverage remains strong, and continues to expand as carriers innovate on policy wordings and focus on new coverage grants.
Capacity is being reduced by some carriers, and others are exiting the market. But there are new entrants as well. Overall, capacity is generally flat to slightly down.
Cost is somewhat volatile. We are seeing significant price increases for large buyers with significant volumes of personally identifiable information (PII), protected health information (PHI), and similar data, simply as a result of the catastrophic risk that insurers perceive them to be. Primary rates are increasing, but most of the challenge is in the excess layers. We have recently seen increases from last year’s rates of US$5,000 to US$10,000 per US$1 million of coverage to US$15,000 to US$20,000 per million.
VOLATILITY TO CONTINUE
Large buyers are being hit the hardest. For one thing, they have large exposure bases. They also buy the largest towers, so the rate increase effect is maximized due to the hardening excess pricing.
Rate volatility is likely to continue through the end of 2015 — barring unforeseen changes in conditions — as carriers attempt to digest recent claims and rebalance their portfolios. This is the type of information organizations should seek from their risk advisors to help them understand cyber insurance.
Listen to a replay of Marsh’s The New Reality of Risk webcast, A Framework for Managing Cyber Risk, to hear more of Bob Parisi’s comments.