The coronavirus pandemic played a dramatic role in the acceleration of technology in companies, leading underwriters to scrutinize businesses' exposures and the safeguards they have in place.
Professionals in seven out of eight countries rank a cyberattack as the No. 1 threat to their business, according to the Hiscox Cyber Readiness Report™ 2022, which surveyed over 5,000 workers who are responsible for their company's cybersecurity from the U.S., U.K., Belgium, France, Germany, the Netherlands, Spain and Ireland.
The facts illustrate why: In 2022 in the U.S., the median cost of a cyberattack increased by 80% to $18,000, up from $10,000 in 2021, according to the report. Further, over the past two years, cyber risks have evolved significantly, impacting not only the cyber liability market but also the technology errors & omissions landscape.
“The technology E&O and cyber markets have drastically shifted over the past five years—from the softest market to the hardest in the professional liability space," says Cooper O'Connor, senior broker, professional, management and cyber insurance, Burns & Wilcox. “Both have seen drastic rate increases and restricted capacity with primary $5-million limits much harder to find on both lines, and towers often needing to be built with policies of $2 million to $3 million."
The coronavirus pandemic played a dramatic role in the acceleration of digital processes and technology in companies and society overall. As a result, underwriters are scrutinizing businesses' exposures and the safeguards they have in place against increasing threats.
While E&O underwriting is becoming more sophisticated, particularly when it comes to cyber, more buyers are looking to include E&O as part of their cyber programs. This is resulting in the traditional E&O market capacity eroding as E&O carriers increasingly offer tech E&O blended with cyber, according to a report by WTW.
The underwriting process is evolving to meet a “cybercrime battlefield that is constantly shifting and changing, making it particularly difficult to model, monitor and rate for, but standalone cyber policies are expertly designed for these risks," says Tyler Peterson, senior vice president, head of professional risks, Hiscox USA.
“You may see changes in the market to E&O policy conditions removing network security, privacy liability and cyber exposures unless the liability coverage is a core part of the E&O exposure, like for an IT professional," Peterson says.
Developments in the underwriting of technology E&O risks include the introduction of “scans of an insured's network to check where vulnerabilities might exist and fixes to these vulnerabilities, which have become subjectivities for many carriers in order to bind coverage," O'Connor says. “Scans of the insured's network ensure they have a secure network and help carriers reduce their number of claims."
As the E&O market evolves, agents can provide the best path forward by understanding the ins and outs of what the market has to offer and tailor the coverage that fits their client best.
“Luckily for purchasers of E&O insurance, admitted carriers have historically offered broad coverage and continue to do so in order to be market-leading," says Lee Genecki, vice president of professional liability, Travelers. “Although not typically addressed through an E&O policy, cyber is still considered an emerging coverage that is offered in many different ways to professional firms and is an exposure that must be considered."
Also, within the miscellaneous E&O market, “there is a mismatch, one that works in the insured's favor," Peterson says. “Rate increases are beginning to stabilize due to new market entrants and broadening appetites. However, we cannot be sure how long this will last as claims are continuing to rise."
Most notably, claims “are becoming more expensive as a result of rising legal fees and social inflation," Peterson says. “This is a fine balance and carriers are trying to keep the scales from tipping too much either way."
When it comes to claims relating specifically to technology E&O, “the main driver of price increases and capacity restrictions are ransomware and social engineering losses," O'Connor says. “Ransoms continue to increase, especially when the cybercriminal knows the insured carries cyber insurance. With more people working from home, multifactor authentication on remote access has become almost a necessity to secure cyber coverage."
Agents play an important role in identifying when technology E&O and another form of E&O must be bought together. “As the push to automate traditional services continues, this is becoming more common," O'Connor says. “We often see this within the fintech, biotech and InsurTech spaces: There are very few products that exist that are all-encompassing for these industries."
Olivia Overman is IA content editor.