Insurers were busy trying to stay ahead of the curve when it comes to creating products for the top markets in 2014, and they don’t seem to be slowing down this year either. Read on for what experts believe can be expected of the cyber liability segment in 2015.

CYBER LIABILITY

The cyber insurance market has gotten more sophisticated and in-demand every year and there’s no reason to believe 2015 will be any different. Not only did insurers expand their cyber liability insurance products with higher limits and more services in 2014, but many also developed more segment-specific programs.

Experts believe this is the way this market will continue to go, as all industries face increasing cyber risks and need more customized coverage.

“Within the next 12 to 18 months we're going to start seeing insurers rebuilding industry-specific products for cyber. At the moment, typically, there is just a generic product that is sold to all different types of businesses. But every industry sector is different and has different exposures,” Graeme Newman, marketing director at London-based CFC Underwriters, told Insurance Journal in July, 2014.

Newman says he also expects more insurers to address the business interruption element of a cyber-breach in their policies going forward.

“The [current cyber] products have actually been focusing a lot on security breaches. As a result, there hasn't been a lot of innovation in the business interruption coverage. I think cyber, particularly in the U.S., has become synonymous with privacy. In fact, the policies have all focused around that particular area,” he said. “I think that's changing. I think clients are becoming more sophisticated. Clients understand there's much more to a cyber policy than just the privacy component.”

Aspen Insurance Co. CEO, Mario Vitale, told Insurance Journal in November that the insurance industry has to get better at both risk management and at creating cyber-related business interruption products, which is probably the hardest to underwrite, he said.

“You have a brand reputation part of it, the restoration process, and of course, the next part of it is business interruption. As an industry, we’re still all struggling to put our arms around that and how we can find some creative solutions for our clients,” Vitale said.

Some companies have touched on this exposure with coverage enhancements, endorsements or sublimits for the coverage. Just a few companies that addressed this need in 2014 include:

  • NAS Insurance Services added the option to include dependent business interruption coverage as an enhancement to its suite of cyber liability insurance services in September.
  • Also in September, Marsh launched a new cyber insurance policy that provides catastrophic protection for large companies that includes physical property damage resulting from a system failure and can include business interruption coverage, including extra expense.
  • Guy Carpenter & Co. and Lloyd’s managing agency Ridge Insurance Solutions launched a cyber privacy and network protection product for small- and medium-sized companies in October. In addition to business interruption coverage, the product offers privacy and security liability; crisis and event management costs; information assets and cyber extortion. The policy provides coverage on a worldwide basis with a capacity limit of US $50 million.
  • Also in October, Starr Companies unveiled a cyber insurance product that includes coverage for business interruption; data recovery and repair; regulatory fines and penalties; extortion threats; network and security liability; data breach notification and credit monitoring; and forensic investigations. Up to $15 million primary or excess limits are available.
  • Global specialty insurer and reinsurer Brit PLC developed an insurance product that provides insurance coverage for first party property damage, business interruption, the cost of restoring digital assets and reimbursement for resultant business income losses. In addition, it provides cyber security risk assessment, on-going loss mitigation and inspection services to large industrial companies.
  • In April, AIG expanded its cyber offering to include property damage and physical risks from cyber exposure. The product, CyberEdge PC, addresses incidents and threats of cyber attacks directed at commercial industries that can lead to equipment failure, physical damage to property, and physical harm to people.

What Else is on the Cyber Horizon?

The massive Sony Corp. breach that occurred at the end of 2014 has been a huge example of the far reaching and costly effects a breach can have — and not just to businesses. Greg Schaefer, president and founder of Schaefer Enterprises, says it will also force underwriters to take a better look at their underwriting of cyber policies as they have been forced to face the fact that a cyber event can be more than just the stealing of personal information or credit card numbers.

“The Sony event was very significant because it was a different type of breach that people weren’t expecting and any time it happens to a company of this size it is shocking,” says Schaefer. “What’s going to happen to policy language to protect carriers from this? Are there exclusions they will come up with?”

There will also be more pressure on insureds to disclose information about their information security to underwriters and protect their sensitive information properly.

“There’s a real challenge getting people to be more upfront about the level of security control they have in place, and also whether they are taking the right kind of steps when they’ve been advised by their professional advisors or by the underwriting agencies themselves,” said Andrew Barratt, European managing director for global independent audit and compliance firm, Coalfire. “I think you’ll see the underwriters over the next two years be a much more regular part of a lot of security risk management, particularly in big corporates, where they’re transitioning quite a large risk to them.”

Schaefer says he doesn’t expect carriers will change their policy language too much in the short term, but rates for information security and computer systems exposures will likely go up.

“I don’t think rates supported that type of exposure and that’s where it’s going to affect the industry,” he says. “I think all segments will be impacted with rate increases because we now see it can happen to anyone.”

Schaefer says this should be motivation for agents to prepare themselves and learn about these policies.

“These incidents are definitely increasing demand and making this coverage a much easier sell. People want to be educated on what the coverage is and it’s our job to teach them and explain what coverage is afforded to them,” he says.

Read Part One and Part Two of the “Top Markets to Watch in 2015″ series.