New cyber liability products and players continue to flood this already oversaturated market, but the real question is: is anyone buying them?
Well, it depends on whom you ask.
A recent survey of 164 risk and finance managers from Towers Watson found that 73 percent of companies have not purchased network liability policies. The study also said that many participants were not worried about or aware of their risk.
But insurance agencies that focus on smaller companies are experiencing different results.
“We are seeing a wide variety of companies buying the coverage,” says Stephen Haase, president of InsureTrust in Atlanta, Ga. “We have had a 30 percent increase in business this year, which is just unheard of in the wholesale business.”
Recent privacy breaches involving Epsilon and Sony have put this topic front and center again, demonstrating that companies need to be proactive in protecting their data and establishing a plan to deal with a breach should one occur, say underwriters.
“You look at these recent breaches and they are not new,” says Kurtis E. Suhs vice president and technology E&O & privacy national practice leader for Ironshore. “There have been breaches going on a long time, but what is different is the amount of information companies have now. I think as companies realize that, they have to look at what data they have, where they have it, and who is responsible to maintain the data.”
IronPro launched its Enterprise PrivateProtector 9.0 in October to assist businesses with managing their network security and privacy risks. The product provides Side A excess directors and officers (D&O) liability coverage arising from a network security or privacy wrongful act, as well as coverage for a company’s privacy breach expenses. It also protects against the potential liabilities from unauthorized access or use of an insured’s computer system, denial of service attacks and malicious code.
The product includes other coverages as well, including business interruption. It is aimed at financial services, healthcare, retail and hospitality areas with revenue up to $3 billion.
Suhs says the response to the coverage has been strong. “Because of the visibility of incidents, a lot of companies are looking at risk management and there is a lot of concern in the markets,” he said. “We are seeing buying in the marketplace.”
Opportunity for Agents
Education continues to be one of the biggest challenges in this market, and that goes for insureds and the agents and brokers selling the privacy products.
“When an agent looks at this space and says, ‘I want to be an expert in it,’ they get about a foot deep and realize, ‘I will never have the time,’” says Haase. “They already have to keep up with workers’ comp, general liability, EPL, etc., and this one changes so rapidly.”
Agents who are selling coverage need to be well-versed in what is happening with privacy legislation.
“Every state is different and you have to keep abreast of that as well as federal legislation, that’s one piece of it,” says Suhs. “It is challenging from an underwriting perspective because agents really have to understand the business of the applicants and the types of risk they could see because what we are seeing out there is a broad spectrum of different types of exposures.”
There is also the challenge of keeping up with the constantly changing cyber liability insurance market.
“Agents get overwhelmed by all of the options and products out there and just end up trying not to make a mistake and compare 25 different coverages,” says Adam Sills, vice president at Allied World. “A lot of people have products but not a lot of people understand the market and the exposures.”
Allied World’s new product, Privacy//101, is designed for small to mid-size organizations and offers full limits for notification and regulatory costs. The application has been simplified, with just the class of business and its revenue needed, and pricing starts at $300.
Sills says there are many companies that aggregate personal information, just not to the level of a large financial institution or hospital. These other companies are the targets for this product.
Allied World believes its product simplifies the coverage for agents. The cyber liability application process usually requires a 10 to 15 page application and an underwriting call with the insured, according to Sills. Then, typically , the price ends up being more than an insured wants to pay.
“The biggest struggle for brokers selling privacy insurance is number one being comfortable selling the business and the other thing is the process,” he said. “We wanted to help get them away from the process because it really frees them up to sell and cross-sell with existing business.”
Despite the challenges, the opportunity is there for agents to make money in this market and big data breach headlines should make the sell that much easier.
“The regulatory awareness has added to the demand and the amount of money people have spent dealing with data breaches, not to mention the liability that can come out of these breaches, has definitely created awareness for buying the product,” says Sills.