Cyber insurance remains an area of growth opportunity for property and casualty insurers, particularly in the face of large-scale risk factors.
According to a new report, “CYBER: Insights on the current and future state of the US cyber insurance market” from Risk Placement Services (RPS), insurtechs, MGA startups, and other new players are creating a lot of extra capacity in the market, while some existing carriers are loosening underwriting standards to maintain market share.
“Those markets that were previously only offering a $1 million or a $2 million limit have since gone to $5 million,” said RPS National Cyber Practice Leader Steve Robinson. Widespread premium reductions and additional capacity are still defining the market, with limit availability increasing even as risks become more prominent, he added.
“We’re seeing more now that can do $10 million and even some at $15 million, and that’s reflective of the capacity,” he said.
According to Jack Rosen, RPS area assistant vice president, the market will remain unsettled until the next wave of consolidation reduces the number of carriers. Inconsistencies in carrier approaches, especially in handling claims adjudication and methodologies employed for pricing risk, also contribute to the potential for lingering volatility.
“Premiums today are so low that you’re seeing $100,000 or $200,000 claims on policies with a $5,000 premium,” Rosen said. “And many claims are not necessarily traditional data loss claims but financial-related incidents like social engineering fraud and invoice manipulation, all involving insureds inadvertently sending money to bad actors.”
In response to the evolving threat landscape, carriers are adapting services to increasingly offer preventative resources like training, risk assessments, and security tool access.
Carriers are also adjusting the wording in their policies to consider increased vendor risk and guard against AI as an attack vector source for both privacy and security liability, as well as cybercrime.
“The insurance community in general has played a major role in moving the needle in the right direction in terms of organizations’ cyber readiness,” Robinson said. “That’s because now there are requirements for basic data hygiene, information security practices, policies and procedures that need to be in place to even qualify for cyber insurance.”
Topics Cyber
Was this article valuable?
Here are more articles you may enjoy.