Hard markets are nothing new. Agents have dealt with them for decades, along with the forces that trigger them, including more frequent and severe natural disasters and years of soft pricing. With the market for cyber coverages hardening, however, agents will need to push risk mitigation with clients in advance to satisfy insurer requirements.
“The cyber insurance industry is experiencing a perfect storm between widespread technology risk, increased regulations, increased criminal activity, and carriers pulling back coverage,” according to Joshua Motta, co-founder and CEO of Coalition, which offers cyber coverages and cyber security tools to agencies. “We’ve seen many carriers sublimit ransomware coverage, add coinsurance, or add exclusions for end-of-life software.”
“Rate increases depend on the size and class of business,” said Brian Thornton, president of ProWriters, a tech-enabled wholesale specialist and surplus lines broker. “For small businesses, we’re seeing 10% to 15% increases and 20% to 30% hikes for larger businesses, with reasonable controls and no claims.”
Thornton adds that carriers are also reducing limits. For example, a $5 million limit can be reduced to $2 million, and a $10 million limit cut to $5 million. He says public entities are also subject to steep reductions in limits, by as much as 90%.
A recent Willis Towers Watson (WTW) report states that primary and excess cyber renewals are now averaging premium increases of 25% and higher, while coverage continues to evolve and expand to address regulatory risk, reputational damage, forensic accounting and gap exposures.
WTW also reports that work-from-home may be contributing to an increase in phishing and hacking activity, and that it makes responding to a potential data breach more difficult by increasing the time to identify and contain a potential breach. According to the report, 86% of respondents think the frequency of cyberattacks will increase because of COVID-19, and more than half (54%) think the severity of those attacks will also increase.
As losses rise, cyber capacity is also tightening.
“Carriers have certainly been reducing capacity on individual risks and around their entire portfolios,” Thornton said. “So there has been a large reduction in capacity but we have not seen many carriers fully pull out of the cyber insurance business, though we may see more carriers run out of capacity toward the end of the year.”
Coalition has not reduced coverage, according to Motta, nor has it sublimited ransomware coverage, added coinsurance to its policy, or added exclusions for end-of-life software.
Insurers are tightening underwriting requirements, however, and are specific in what actions they want businesses to take to qualify for coverage.
“Before deciding on whether or not to insure a business, most insurers want to see what cybersecurity practices and tools are already in place, such as multi-factor authentication (MFA), endpoint protection and cloud-based backup, and dual authentication for funds transfer,” said ProWriters’ Thornton.
Cybersecurity support services, such as employee training, may be available from insurers, though to varying degrees.
“Cyber criminals use ever-more sophisticated techniques to execute their attacks, though the most important security controls are free or low-cost to implement,” said Coalition’s Motta.
“Our top cybersecurity recommendations include two-factor authentication or multi-factor authentication on all business-critical systems; basic email security controls (like SPF and DMARC); an endpoint detection and response solution; and maintain regular backups of all business-critical data,” Motta said.
Businesses of all sizes are coming to grips with the growing threat of cybercrime and are looking for insurance solutions. There are strings attached to those solutions, however, and agents must step up to guide clients effectively.