Tag Archives: cyber insurance

Immediate Vault Immediate Access

Cyber Insurance Purchasing Up, But Breaches Felt in Prices and Limits

Posted on by

NEW YORK—At yesterday’s Advisen Cyber Insights Conference, Zurich and Advisen released the fifth annual Advisen Cyber Survey of U.S. risk managers, finding a 9% acceleration in cyber liability insurance purchasing from 2014 to 2015. The firm has seen a 26% increase in the number of respondents who have coverage since the first survey in 2011.

Companies are taking cyberliability more seriously, Zurich reports, with the number of organizations developing data breach response plans up 10% from last year. What’s more, companies appear to be better recognizing the sheer amount of value at risk, with two-thirds of respondents saying they have either increased their policy limits or are considering doing so. While Zurich found that more organizations view information security as an organizational challenge rather than the purview of the IT department alone, and respondents said that boards and executive management are taking cyberrisk more seriously, those who have not yet obtained cyber coverage say it is because their superiors still do not see the need. There is also still a considerable difference in take-up rates among large corporations and small and mid-sized businesses, with Catherine Mulligan, senior vice president and national underwriting manager of specialty E&O, telling the audience there is an approximate 20-point spread between the groups.

“This year’s cyber survey shows that demand for coverage and higher limits has increased tremendously and we at Zurich have seen double digit growth year over year,” said Bryan Salvatore, president of specialty products for Zurich North America. “That is why we are heavily invested in identifying risks and delivering solutions and why we are committed to staying at the forefront of this issue.”

Marsh has also seen considerable growth in cyber liability insurance purchasing among its clients. According to the insurer’s new midyear cyber benchmarking report, the number of U.S.-based Marsh clients purchasing standalone cyber insurance increased 32% in the first half of 2015, up from 26% growth during this period in 2014. By sector, members of the education industry made up the biggest growth, with 155% more clients purchasing the coverage, followed by power and utilities with a 100% increase and manufacturing with a 76% increase. The healthcare sector remains Marsh’s largest buyer of cyber coverage, with 41% of all clients in this industry purchasing it by the end of the first half of 2015.

Cyber liability insurance growth rates

Sessions throughout the conference made clear that insurers—and the industry at large—are still struggling with what is also risk managers’ biggest challenge: data. Completely evaluating the true value at risk with cyber liability continues to elude both sides, although many new approaches and consultancy services are emerging. Further, the dearth of actuarial data not only compounds the challenges of the cyberrisk assessment process, but make it hard for the industry to set pricing and limits with confidence.

“It is hard for insurers to be prudent with cyber as risk managers often do not fully understand how to measure their exposure,” Mulligan said.

“Actuarial data is the Holy Grail of the cyberinsurance market: we’re all searching for it and it’s just not there,” said Bob Parisi, cyber product leader at Marsh, who moderated a session on the struggle to quantify and model cyberrisk.

In addition to the actuarial uncertainty, the considerable number of large losses over the past few years is continuing to push up the cost of cyber, forming what Willis executive vice president Peter Foster described as a “hot” market that will have to cool and solidify with time. Parisi chose to describe the market as “brittle” after absorbing several hundred million dollars in losses, and a range of insurers and brokers reported that premiums have increased dramatically as a result. The Marsh study found that price increases across industries averaged 19%, with 32% increases among retailers, the most frequently breached sector over the past few years.

cyber insurance limits purchased

While these breaches and better estimates of the real cost of cyber incidents have helped many companies realize they may be underinsuring for cyber liability, the move to correct this is getting more difficult. Insurers have said repeatedly that there is plenty of capacity in the cyberinsurance market and many buyers have increased the limits purchased, but higher limits of liability are increasingly hard to come by, and none really exist in excess of $100 million. Particularly for businesses that have yet to implement serious efforts to address information security, rate increases appear sure to continue, and simply buying more coverage will not only be unsustainable, but may not even be possible as insurers give more thought to the capacity they are willing to commit to these risks.

“There is just not enough capacity to extend $50 to $100 million limits to every account,” said Greg Vernaci, AIG’s head of cyber in the United States and Canada. “We are looking to reward those companies with a robust information security posture who go beyond and take a multifaceted approach to managing cyberrisk.”

Cybersecurity, Product Recall and Drones Top List of Emerging Casualty Risks

Posted on by

The cybersecurity insurance industry is booming, with demand for this specialty coverage vastly outpacing any other emerging risk line, according to a new survey by London-based broker RKH Specialty. In fact, 70% of the insurance professionals surveyed listed cyber as the top casualty exposure.

The brokers, agents, insurers and risk managers RKH queried after April’s RIMS 2015 conference said their top casualty concerns after cyber are product recall and drones (11% each), with others including e-cigarettes, autonomous vehicles and telematics totaling only eight percent.

RKH Specialty Study Graph

“Losses stemming from cyber-related attacks and business interruption can be catastrophic for individual businesses,” said Barnaby Rugge-Price, RKH Specialty’s CEO. “Healthcare and retail have been the major buyers in the cyber space to date but we are seeing an increasing conversion rate across the whole of our portfolio. After a number of years of looking at the offering, clients are increasingly deciding to purchase the cover as the product has improved and the frequency of attacks has continued to increase. There has also been a heightened focus on the business interruption aspect, where cyber attacks can cause whole facilities to shut down. But whether cyber related or not, any interruption to the supply chain can cause a disproportionate loss. The survey highlights the importance of specialist insurance for a whole host of emerging risks.”

Turning specifically to property exposures, supply chain disruption was identified by 61% as the top risk, followed by flood (30%) and tornadoes (9%). The findings reflect a growing recognition of the potential exposures that longer and more complex supply chains introduce, the firm said.

The brokerage also asked insurance professionals what they think clients are and will be most concerned about when evaluating a broker’s service, and in turn, what brokers will need to focus on to stay competitive. They predict:

RKH Specialty broker service

Tom Ridge Tells Cyber Conference Insurance Should Incentivize Risk and Resilience Planning

Posted on by

tom ridge advisen cyber risk conference

More Americans worry about being hacked than they are of mugging, burglary, sexual assault, murder, or physical harm of a child, according to a new Gallup poll. While hacking concerns did increase with household income, they impacted a majority of Americans in every income and age bracket, while no other form of violent crime surpassed 45% of those polled.

A new survey from Advisen and Zurich found that this fear is nearly universal for companies as well. Across industries, 88% of businesses view cyber as at least a moderate risk – up to 93% among larger businesses and 81% among small. Despite this widespread recognition, however, fewer businesses have a breach response in place than just a year ago. In 2014, only 62% have a response place – a 10% decrease from 2013. Yet 66% now use cloud services, presenting a 20% jump from last year.

“Clearly, security concerns are being outweighed by the benefits of technology,” said Erica Davis, Zurich vice president and assistant national manager for E&O, while presenting the findings on Tuesday at Advisen’s Cyber Risk Insights Conference.

Throughout the conference, consensus was clear: the 69% of Americans and 88% of businesses are on the right track, as their fears are well-founded. “There are two types of banks today: those that have been breached, and those that will,” Roc Starks, senior vice president and director of corporate insurance at Citizens Bank, said at one of the day’s panels. “First response is the critical difference in how banks and customers will fare.”

Keynote speaker and former Director of Homeland Security Tom Ridge (now of Ridge Insurance Solutions) shared this outlook on cybersecurity across industries. “There are going to be breaches,” he said. “Resilient companies are the ones that are prepared to respond.”

Yet breach response without risk management and an eye toward mitigation is no longer sufficient. “Those prepared to organize around risk and resilience are those that will withstand and lead,” he added. “By the time we get here next year, the risks will be different – the digital sun will never set.”

The landscape of cyberrisk and hacking schemes is constantly evolving, and changing at a scale and speed unlike anything seen before, Ridge said. For attendees, there was little doubt about this insight, as panelists throughout the day detailed new phishing schemes seen, top areas of emerging vulnerability, and the myriad breaches they or their industry colleagues have navigated. More companies are investigating the most useful forms of coverage for their unique exposures and exploring what management structures and risk owners are most effective to monitor and mitigate cyber. The recognition is there, and so are some of the solutions, but the insurance landscape must still evolve, as must the strategies. “We’ve seen a mind-shift,” Ridge said. “CEOs get it, but they do not know what to do and who the threats come from.”

To that end, there is more the industry can do to help. Ridge lauded the idea of “intelligent insurance,” arguing that, in addition to devoting greater resources to investigating cyber threats, the insurance industry should turn its attention to incentivizing companies to manage cyberrisk more effectively.

Much as in insurance disciplines like kidnap and ransom, some of the greatest benefits of insuring cyberrisk may come from the processes of evaluation and contingency planning. According to Ridge and other conference speakers, finding out how to oversee and incentivize those processes may be the next adaptation for cybersecurity insurers.

The Evolving Cyberrisk Landscape and the Insurance Industry

Posted on by

Cyberrisk

Rapidly developing computer technologies and the unrelenting evolution of cyberrisks present one of the biggest challenges to the (re)insurance sector today. Liabilities from cyberattacks and threats to the data security of cloud computing and social media have become key emerging risks for carriers. The unprecedented rise in cyberattacks, in addition to the threat cyberrisk poses to global supply chains, has seen the cyberinsurance market grow significantly in recent years.

Client demand for cyber coverage has been growing, on average, 30% annually in the United States over the past several years, according to Marsh. While demand varies by industry, the one constant has been that more clients are investigating and analyzing existing traditional insurance coverage and whether they need standalone cyberrisk insurance coverage.

Because cyberrisk is associated with the use of technology and the handling of all data and information, the threat transcends a company’s information technology (IT) department as well as what is confined to the internet. To help overcome some misconceptions that still exist for cyberrisks, some clarity around business exposures is needed to understand the scope of the threat.

Cyberattacks pose a danger to global supply chains

Cyberrisks are not isolated and are usually connected to other risks. Many companies that are exposed to cyberrisks are, for example, also exposed in turn to risks to their supply chain. Due to technological innovation and advances, many parts of a company’s or industry’s supply chain have become interconnected and automated.

Most commercial entities today are exposed to these risks as a growing number of businesses become more interconnected globally. A single cyberattack has the potential to put an entire company’s supply chain at risk. Therefore, cybersecurity and supply chain risk management must be considered in conjunction with one another.

There are a range of risks when it comes to online/computer security. Cyberattacks can result in first party liability, including business interruption, computer security breaches, privacy breaches of confidential information and even third-party liability losses. Technology failures have begun to outpace adverse weather, fire and social unrest as the major force in disrupting a corporate supply chain, according to a recent Guy Carpenter report.

Everyone is at risk – individuals, companies and governments

In 2014, cyber issues have become more of a concern for companies that once felt they had relatively little exposure. In fact, cyberattacks were ranked fifth among the top five global risks in terms of likelihood in this year’s World Economic Forum’s annual Global Risks 2014 report.

Governments consider cyberattacks to be among the most serious economic and national security challenges now facing them. And through the ubiquitous use of the internet, mobile devices and social media, companies of all sizes and in all nations are now finding themselves at risk of falling prey to the full range of cyber perils. Such attacks can run from hackers shutting down a company’s network, gaining access to customers’ and employees’ personal and financial information, to the theft of business trade secrets.

More data laws and regulations in place

High-profile data breaches and other cybersecurity incidents have become more commonplace with increasingly onerous outcomes. Target, one of the largest retailers in the United States, suffered a massive cyberbreach late last year which involved the theft of approximately 40 million credit and debit card account details as well as personal data of nearly 70 million customers. The breach reportedly occurred when hackers used the retailer’s heating and cooling vendor’s system to navigate their way into the retailer’s records. The resulting publicity cost the company a significant amount in lost sales, loss of reputation, class action lawsuits, and may have contributed to the ouster of the chief executive officer. And most recently, a U.S.-based online auction site announced that hackers accessed the company’s 145 million user accounts and urged customers to change their passwords.

More recently, home improvement chain Home Depot became the victim of another credit card data breach and the FBI is reportedly investigating cyberattacks at some of the largest banks in the United States.

As cyber incidents affect both consumers and institutions, governments everywhere are putting more data privacy laws and regulations in place in regard to disclosure and other related safeguards. In the United States, there are laws that require the protection of both personal financial and health information. Last year, the U.S. Securities and Exchange Commission, which oversees publicly-traded companies, adopted a directive requiring certain regulated financial institutions and creditors to adopt and implement identity theft programs in light of the new cyber threats.

Risk mitigation and insurance

With governments considering and enacting new laws in response to the rising number of cyber events, companies, especially those in the United States, are taking a closer look at cyberrisk mitigation, including insurance coverage of breaches and attacks.

Media reports of serious data breaches have prompted more companies to buy cyber coverage of $100 million or more compared to the prior year, Marsh said in its March 2014 report Benchmarking Trends: Interest in Cyber Insurance Continues to Climb.

Traditional insurance products often do not cover risks that cover damages resulting from an incident like a computer breach.

buy neurontin online haveagreatsmile.com/wp-content/uploads/2023/10/jpg/neurontin.html no prescription pharmacy

As such, specific cyber liability insurance may be necessary.

The very process of applying for cyberrisk insurance is a constructive exercise for raising awareness and identifying potential vulnerabilities.

buy zantac online haveagreatsmile.com/wp-content/uploads/2023/10/jpg/zantac.html no prescription pharmacy

By engaging in that process, a company can perform a review of information security protocols with respect to access control, physical security, incident response and business continuity planning.

buy diflucan online haveagreatsmile.com/wp-content/uploads/2023/10/jpg/diflucan.html no prescription pharmacy

As a result, businesses and other institutions are finding that cyberinsurance products have been broadened to include coverage that now addresses nearly all aspects of technology-based risk faced by today’s companies. Carriers have been adapting their policies to include a variety of loss prevention and risk mitigation tools, ranging from turnkey breach response teams to pre-emptive risk analytics.

As cyberthreats become more severe, more frequent, and continue to change along with technological advances, the (re)insurance industry will continue to stay one step ahead by creating new forms of cyberrisk coverage to meet the needs of their clients.