[BreachExchange] Who's the best target for cyber cover?

Audrey McNeil audrey at riskbasedsecurity.com
Mon Jan 15 20:55:24 EST 2018


Welcome to 2018! In this month's National Underwriter Property & Casualty
cover feature, I examine the state of the Cyber insurance market and shed
some light on the ever-evolving threats to business that can be mitigated
with the aid of brokers savvy enough to identify coverage gaps in existing
policies — primarily, Property and Business Interruption.

Business interruption is of particular note when discussing one of the
great untapped markets for Cyber coverage: small to midsized businesses.
These potential clients present the single greatest opportunity for Cyber
coverage, because they’re the ones who need it the most.

Businesses of this size don't have the IT and information security budgets
or personnel of a major corporation, nor do they typically possess the risk
management resources of a larger organization. At the same time, they’re
the segment that is most economically vulnerable to a cyber attack. If
their operations are shut down for a week because they’re locked out of
their computer system in a ransomware or cryptolocker incident, that lost
revenue could be crippling. Many businesses of this size simply wouldn't
survive a two-week shutdown.

Should those clients think their General Liability or Property policy
covers those losses, well … that's not always the case. "Silent Cyber" can
come into play here, where such a loss can indeed be covered if a
cyber-related event isn't explicitly excluded in the policy language. (As
always, your mileage may vary.) But even then, the limits within a Property
policy may cover just a fraction of the actual loss if damages are high.

"We are a market-share competitor in this space, and our biggest competitor
is self-insurance," said Michael Palotay, chief underwriting officer for
NAS Insurance Services in Encino, Calif. The challenge, he said, is
explaining the value of a well-crafted Cyber policy to the client or
prospect. When they see the potential loss as compared with the premium,
it's a slam-dunk.

Palotay added that retail and wholesale brokers are getting better at
articulating that value proposition.

"There's a desire to purchase if the premium is reasonable," Adam Cottini,
managing director of Gallagher's Cyber Liability practice, told me. "What
we fight an uphill battle on is education, and counteracting bad advisory."
He explained that there's some misinformation out there for clients on what
the coverages are. In the end, as in all policies, "there needs to be an
affordable exchange for the risk involved, robust protections for a premium
that's commensurate for that risk."

Related: Cyber insurance claims: What happens when a breach occurs

Greg Vernaci, AIG's head of Cyber for the U.S. & Canada, was a featured
speaker on a panel with me at ALM's CyberSecure conference in Manhattan in
December. He mentioned he's seeing an increasing trend of small businesses
wanting their vendors to contractually carry cyber insurance. A vendor that
has cyber exposure isn't one you want in your supply chain.

"Just because you're small doesn't mean that you're not going to be
targeted," he said. "You are."

Steve Anderson, vice president and product executive in Privacy & Network
Security at QBE North America, agrees that midsize businesses present the
largest market potential for growth. "Businesses outside of corporate
organizations handle customer-payment data, use networks that aren't always
as safe, and if they had a breach, their business could be shut down," he

"Those small business owners understand that to spend $5K to $10K on a $1
million policy is a smart move for them, and carriers are starting to give
them applications that aren't 20 pages long," said Anderson. In terms of
the preventive risk management services offered as part of the package, he
added, "It's a no-brainer."

Speaking about the Cyber market more broadly, executives in this space
remarked that competition is fierce, which in turn drives down rates and
expands limits. With so many carriers fighting to write all the business
they can in a market that hasn't seen "the big one" yet but definitely will
at some point, here's hoping that their underwriting is as solid as they
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180115/6da7a858/attachment.html>

More information about the BreachExchange mailing list