Financial losses associated with internet-enabled theft, fraud and exploitation rose from $2.7 billion in 2018 to a staggering $3.5 billion in 2019, according to statistics from the FBI’s Internet Crime Complaint Center’s annual Internet Crime Report.
Cyber threats are becoming extremely difficult to stop and awareness among businesses about the effect of a cyberattack on their operations is growing. As a result, the demand for cyber liability insurance is growing, too.
Between 2014 and 2018, Marsh US witnessed the number of their clients purchasing cyber insurance more than double—from 19% to 38%.
Moreover, nearly three-quarters of U.S. firms plan to increase their cybersecurity spending, according to the 2019 Hiscox Cyber Readiness report.
And insurers have responded to this demand. “There is certainly no shortage of capacity, with new carriers continuing to enter with new offerings,” says Timothy Zeilman, HSB vice president, Global Cyber Products. “Because of this ample-capacity situation, we’ve seen a consistent trend towards expanding coverage and easing rates over the last 18-24 months.”
But amid rising losses and ever-changing threats, cyber liability insurance is “heading to an inflection point,” says Ken Heebner, senior account executive, TrustStar Insurance Services, Inc. in Universal City, Texas, who predicts “we’re going to see big changes in the cyber insurance industry.”
As coverages adapt to meet the increasing demand for cyber coverages from businesses large and small, “changes in the scope of coverage, as well as increased marketing, is going to increase agents’ closing ratio. But what will also occur is an increase in claims because people become more aware of what a claim is,” Heebner says.
However, in the rapidly evolving cyber liability marketplace, agents and insurers must work hard to stay up to date. “It’s still a maturing market and coverage changes are more frequent than in other more traditional commercial insurance products,” says Jacob Ingerslev, head of global cyber risk, The Hartford. “Cybercriminals are highly innovative and policy forms have to be updated frequently to keep up with new cyber threats to ensure that coverage responds accordingly.”
The frequency and severity of losses in cyber liability are on the rise due to two particular types of cyberattack—ransomware and business email compromise. Between 2016 and 2018, business email compromise has cost organizations around the world more than $26 billion, according to the FBI’s 2018 Internet Crime Report, while ransomware accounted for $8 billion in losses during 2018 alone.
“Neither of these threats was specifically addressed in most cyber policies five years ago and there are still some of those dated policy forms in the market,” Ingerslev says. Moreover, “business email compromise exists in multiple different forms and that is not necessarily reflected in older policies, if at all.”
“Most gaps can be closed with enhancement endorsements, but as policy forms become more dated, the number of endorsements required to keep coverage up to date results in a complicated and, at times, uncertain patchwork,” he adds.
The solution to increasing cyberattacks will come from better mitigation and comprehensive coverage, Heebner explains. “As an industry, we’ve really got to go out there and get in front of the issue,” he says. “We need to get involved in the mitigation part in the same way that we do for homeowners in relation to flooding and water damage.”
“There are a lot of assumptions being made about what coverage exists, especially for small businesses, which is providing an illusion of coverage,” he adds. “If agents are proactive and provide tools and resources, we’re going to create stronger companies and keep them safe.”
“Agents can benefit from partnering with companies that have tools available to provide particularly small businesses with cyber health checks as well as cybersecurity services to help those businesses mitigate the risk of cyberattacks against them,” Ingerslev agrees. “Use carriers to arrange awareness events for potential clients where cyber risk is explained in tangible terms and the benefits of cyber insurance laid out.”
Will Jones is IA managing editor.