Fierce competition in the cyber insurance market means your average client should have no problem procuring a cyber policy that offers extensive coverage at a low price.

By expanding coverage options and increasing limits, insurers are doing their best to keep up with an exposure that’s constantly changing—but that can be easier said than done.

The greatest challenge today is that as a risk, “cyber is so broad,” says Ted Richmond, director, RGS Limited, LLC. “Do you do online banking? Do you accept payment cards? Do you use email? Do you store any customer data, whether that’s names, addresses, phone numbers or even just email addresses so you can send out your monthly newsletter or coupons? Every business out there has some type of cyber risk.”

As cybercriminals become more sophisticated in terms of the threat vectors they’re able to use to their advantage, “it’s very difficult for the insurance community to stay up to date with everything that’s occurring, due in large part to lack of technical acumen,” says Shawn Ram, head of insurance at Coalition. “But that means the opportunity is endless to improve and enhance coverage from a digital or cybersecurity risk standpoint.”

Here are four types of cyber coverages which haven’t yet appeared on mainstream cyber policies, but which your savvy clients may start asking about in the years to come:

1) Theft of intellectual property. This is an area where Prashant Pai, vice president, cyber offerings at Verisk, is seeing “a lot of conversation, but not as many coverage options yet.”

The classic example is the Coca-Cola recipe being stolen, Pai points out. “Especially among larger insureds, we’re seeing a lot of interest in procuring coverage for that type of risk,” he says.

2) Service fraud. Historically, this type of coverage has been referred to as “telecommunications fraud,” Ram says. But that’s a description more appropriate for the late 1990s or early 2000s than for 2018.

“Today, the issue is not adversaries taking over VoIP networks—it’s adversaries taking over infrastructure of companies in order to mine for cryptocurrency,” explains Ram, who notes that a type of cyber insurance called service fraud coverage would protect against this type of loss.

3) Bodily injury and property damage. Most businesses don’t realize that a cyberattack has the capacity to breach their physical barrier. But virtual exposures like crypto-mining and wire transfer fraud are “not the only hazard associated with cyber,” Ram says.

Consider Stuxnet, a computer virus discovered lurking in power plants, traffic control systems and factories around the world in 2010. The malicious worm was 20 times more complex than any previous virus code and boasted a wide array of alarming capabilities, such as the ability to turn up the pressure inside nuclear reactors or switch off oil pipelines—all while assuring system operators everything was normal.

Scary stuff, considering that was nearly a decade ago. “Today, a cyber-related event could easily cause bodily injury or property damage. A cyberattack on a manufacturing facility, for example, has far-reaching consequences,” says Ram, who adds that pollution coverage could be an important component of a cyber policy for the same reason.

4) Personal cyber coverage. Personal cyber policies have been available in the high net-worth space for several years. But will demand soon increase among standard personal lines clients?

“I still feel it’s a bit ahead of the curve—I don’t see this becoming mainstream for at least two or three more years,” Pai says. But between WiFi-enabled cars and the proliferation of the Internet of Things, “everything seems to be connected to the internet. That means your exposure to a cyberattack is growing, even just in the home, even with something as innocuous as a refrigerator.”

Beyond connected devices, “some of the same issues you face on the corporate side apply to the personal side as well,” Ram says—for example, spearphishing emails to obtain bank account passwords or routing information. “Financial institutions are concerned about this, because their policies don’t pay for those types of personal fraudulent transfers.”

Richmond expects personal cyber insurance to become common over the next few years—just not in the form of standalone policies. “Where I see it coming into play is on a homeowners policy as an endorsement or add-on,” he explains. “Especially as the homeowners market is trying to grab more premium, how do they provide value to their customers? Cyber’s an easy marketing tool.”

Jacquelyn Connelly is IA senior editor.