After several years of competitive pricing and capacity expansion, cyber insurers appear to be reassessing coverage breadth.
Asked whether carriers are beginning to restrict coverage, panelists at Zywave’s Cyber Risk Insights conference in New York this week said there are some signs, especially when it comes to privacy coverage.
Beth Gidicsin, a regional cyber practice leader at Lockton, said many insurers are evaluating—with some taking action on—the expansion of privacy risk.
“Many cyber insurance carriers have broad privacy or affirmative wrongful-collection coverage,” she explained. “But also many are continuing to start to say, ‘I don’t know about this anymore. We need to start looking at this.’ Many are putting exclusions on the policies.”
She said some new policies have the exclusions but clients can add the coverage back in “if [the carriers] are actually underwriting to it.”
Gidicsin said the shift is being driven by a rise in privacy litigation, driven by regulatory changes in the U.S. and abroad. Traditional cyber policies weren’t exactly built for these related losses. Coverage for privacy had been triggered by a data breach, with response to regulatory fines and penalties. But with evolving laws, there “doesn’t actually need to be a data breach-type event for privacy litigation to come after one of our companies.”
Of course, the broker said she continues to push for broad privacy coverage for clients since it is developing as a bigger risk for all industry classes, but she is doing so with the understanding that carriers will need to underwrite to a new understanding of the risk.
Gidiscin offered additional perspective on acquiring coverage for gaps from other product lines, such as property. A long-standing problem in the industry has been whether cyber-related property damage is covered by a cyber or property policy, but the industry is trying to innovate—possibly with a new product.
Beyond privacy, the market continues to try to innovate. Carriers are experimenting with AI-related endorsements and exploring solutions for cyber-triggered property damage. Additionally, business interruption has come into focus with recent non-information-technology events related to system failure or dependent system failure.
“Is that enough in this environment with the cloud landscape and cloud dependencies?” Gidiscin asked.
David Derigiotis, who is focused on cyber and privacy as president of RT Specialty Detroit and EVP of ProExec Practice Group, said there is “room to negotiate and to have expansions of coverage where you need it.”
“Wrongful collection is a big one,” he said. “These policies are cyber and privacy. The privacy side is a very big deal.”
However, he added, coverage needs to be tailored to individual risk. “You can’t give the broadest form, broadest coverage available to every single client every single time. That’s when you’re going to open yourself up to serious issues. So we’re very careful in how we are doing that, making sure the right coverages have the right partners,” Derigiotis said.
The product needs to be fit for purpose, agreed Lori Bailey, head of global cyber and technology at Axis, and the industry is adapting from a one-size-fits-all approach to coming up with different variations for different segments of the market.
“The worst thing that can happen is to buy a policy and then have a claim occur that’s not covered,” Derigiotis said. “So we have to understand what’s coming, what’s taking place in the regulatory landscape, and how it can impact a policyholder or an insurer.”
Topics Carriers
Was this article valuable?
Here are more articles you may enjoy.
Catastrophe Bond Investors Told to Brace for Jamaica Payout 
Hurricane Melissa Churns Toward Jamaica as Category 5 Storm 
Reuters: Iran, Russia and the New Zealand Insurer That Kept Sanctioned Oil Flowing 
GEICO Sues Medical Firms in Florida, NY Over Alleged No-Fault Auto Fraud 
