Cyber Risk, Cyber Security, Cyber Insurance
Anyone who has been tasked with seeking quotations for Cyber Insurance in recent months will know that it is more difficult to do now, than at any time in the past. We are in what is called a ‘hard market’ – meaning there are fewer insurers offering quotes than there were when the market was ‘soft’. Those that remain are reviewing what cover they will provide, and their premium levels.
In this piece, we look at what is happening right now in the Cyber Insurance market and some tips for those looking to obtain quotations.
Most commercial insurances take time for claims to catch up with premiums. For example, Employers’ Liability or Professional Indemnity claims often work their way through the court system and can take years.
Cyber Insurance is unique in that insured incidents tend to be resolved relatively quickly. This is a positive for insurers who have adequate incident response capabilities as they can better control their claim costs.
This also means that pricing of premiums can quickly be tailored to factor in the ‘claims environment’, so ransomware trends have quickly translated to increased premiums.
The main reason for higher premiums has been, unsurprisingly, ransomware. It is a huge issue for insurers and their insured’s as the costs can be enormous. These can include restoring systems, replacing hardware and software, loss of income to the business and even loss of profits due to reputational damage.
Quite often there is no alternative but to pay the ransom, and again this is often covered by the policy.
Insurers have responded by asking for much more detail (many CTOs have had to complete more than one Ransomware Questionnaire in the past 12 months) and also by limiting the ransomware cover.
Some examples of this:
- Co-insurance – any ransomware payment is split with the insured at a pre-agreed rate. The idea is that all parties’ interests are aligned, it incentivises firms to have good backups.
- Offering a low ‘sub-limit’ – e.g. you might buy €1m of Cyber Insurance, but the cover for ransomware claims is only €250,000.
- Limiting it to last year’s Gross Profit – seldom used.
The sheer frequency and severity of losses have made some sectors extremely hard to insure. One such example is manufacturers, particularly those who are part of critical supply chains. Solicitors are also a prime target; a leading insurer has advised that the profession accounts for 15% of their total premium, but over 60% of the total ransomware claim payments.
The Pandora and Panama Papers certainly opened Pandora’s Box…
Top 6 Tips for Cyber Insurance
A hard market means it is crucial to correctly present your ‘risk’ to insurers. By doing so you give yourself the best chance of securing the best possible quotes.
Presentation is Key
Proposal forms must be fully completed and legible. A rushed, half-completed form or providing the same responses as the prior-year can give the impression of treating this as a ‘tick-box’ exercise. Typed responses are preferred to handwriting.
Keeping up Standards
If you have certifications or standards which you feel are relevant, share them with the insurers. If you feel the proposal form doesn’t adequately allow for this, attach a brief cover letter or summary in your email to your broker.
Time is the Broker’s Friend
If you are late the process will appear rushed and you are doing yourself a disservice. We are now inviting renewals much earlier than before, to factor in slower response times and market changes. Ideally, your broker will have the completed proposal form 4-6 weeks out from the renewal date, or inception date if you are purchasing cover for the first time. This shows the insurer that you prioritise Cyber Insurance and cyber security.
Lessons Learned From Cyber Incidents & Claims
If your company had such incidents in the past, can you show you are more resilient because of the experience? What lessons have been learned and what upgrades made to prevent re-occurrence?
Aim to be With Insurers With a Long-Term Commitment to the Market
That is insurers that have invested in this space, as they are more likely to be around in future years. With Cyber Insurance you get what you pay for – cheap quotes are usually based on more restrictive policy wordings. Quite often these insurers will not have the premium pool built up for when claims come in. If you’re not sure about a particular insurer, ask! Trusting your broker is key so…
Find a Broker That has Technical Expertise in This Area.
Cyber Insurance is still relatively niche – find a broker that has built up relationships with insurers and knows how to present your risk to the right markets. If not sure, speak with your industry body or peers to see who they recommend.
This blog post was contributed by Brian O’Mara of O’Leary Insurances has specialised in Cyber Insurance for 9 years. O’Leary Insurances has been a member of Cyber Ireland since its inception.