Jump to winners | Jump to methodology
Cyber insurers are staying one step ahead of risks
It’s easy to forget that cyber insurance is a new and developing sector. It has nothing like the matrix used to insure vehicles.
“Automobile insurance is a very mature market because you have a lot of reliable historical data to price on,” says Gerry Glombicki, senior director at Fitch Group.
Relevant cyber data dates back only roughly as far as 2015.
“As the risks evolve, so does the cyber insurance,” Glombicki adds. “It will take some time to reach some level of maturity, if ever.”
“We as insurers do a lot of mitigation work that the majority of customers may not actually see. For the most part, we only alert those customers where we detect critical vulnerabilities or exposures and if you don’t have those, you probably won’t hear from us”
Jacob IngerslevTokio Marine HCC
Insurance Business America recognizes the 2023 5-Star Cyber winners for persevering in the face of such uncertainty and dealing with unknowns to become top cyber insurance companies.
“In cyber insurance, there’s a unique opportunity for insurers and brokers to help customers improve cyber resilience and mitigate losses and that’s becoming increasingly important,” says Jacob Ingerslev, SVP for cyber and tech underwriting at award winner Tokio Marine HCC.
“Part of it is that we as insurers do a lot of mitigation work that the majority of customers may not actually see. For the most part, we only alert those customers where we detect critical vulnerabilities or exposures and if you don’t have those, you probably won’t hear from us.”
What could insurers do to make selling cyber insurance policies easier?
During the survey process, IBA queried brokers on what insurers could do to facilitate policy acquisition. Their responses revealed the following priorities:
increasing education and engagement
ensuring an easier application process
setting higher limits and maintaining lower costs
standardization of terms and coverages
hiring better, more thorough underwriters
For Erika Fischerkeller, an account manager with Furman Insurance, it’s about the basics.
“They could make things easier by assisting clients with little to no cyber security measures in place,” she says. “When clients respond, they only have a virus scanner and use an everyday email system such as Gmail, and then the underwriters turn them down. It creates the opportunity for them to seek out perhaps an agent who advertises to specialize in cyber only. If we can assist with education and obtaining security measures and also writing the policy all in one, then we would be more successful and also help people secure coverage they may never have thought they needed.”
As leader of the eRisk underwriting practice at 5-Star Cyber award winner Crum & Forster, Nick Economidis works hard to simplify cyber insurance.
“We put a lot of work into the policy forms: while some of our competitors are issuing policies that are 60, 80 or 100 pages, we’ve crafted a sleek, easy-to-read, 16-page policy form,” he explains. “At the same time, we put the same effort into making the policy applications easy to read, understand and complete.”
A key area for Ingerslev is closing the awareness gap for cyber insurance in small business and personal space.
“The ransomware headlines of the past three to four years have certainly helped close that awareness gap, but there’s still room for improvement,” he adds. “One threat I always consider as being a great awareness piece is business email compromise fraud because it’s something that most people can relate to both as employees and consumers.”
The 2019 spike in ransomware sent the US and global markets into hard market conditions.
“The question everyone is asking is, are we going to be in a soft market within the next one to two quarters? I think that largely depends on what happens in the ransomware landscape,” Ingerslev says. “After a drop in the second and third quarters of 2022, we’ve seen a gradual return to more ‘normalized’ ransomware levels in the past six months, albeit still not comparable to 2020–21.”
Meanwhile, Glombicki underscores the importance of value.
“The question is, what am I paying for and am I actually getting an appropriate return for transferring that risk to the insurance carrier and just maintaining the risk in and of itself?” he says. “Because for the past several years, rates have done nothing but gone up and people are wondering, in terms of conditions that have gotten tighter, what value they’re actually getting from transferring this risk.”
What are the key areas for cyber insurance providers?
IBA queried brokers on what they thought were the hot spots in the cyber landscape. Among those mentioned were:
One broker, Matt Capel, a commercial client executive with Van Wyk Risk Solutions, says his primary growth area is the growing risk of business interruption due to cyberattacks. He says, “Many are left vulnerable and do not realize that their cyber insurance program has a separate coverage line item for business interruption that is often sub-limited to a lower coverage amount or not included at all. Another growing risk in the cyber space is social engineering and phishing scams.”
Ingerslev reveals that a segment of the market is untapped. “I think the market is relatively saturated in the Fortune 1000 space, although there’s still some room for growth. Where we continue to see the most significant opportunity for growth is small and micro business, where the penetration rates are still fairly low or coverage is purchased on a bolt-on basis by many policyholders, which typically means narrower coverage and small limits.”
Economidis is bullish on a potential increase in demand from companies for higher limits. “They’re going to want or need limits commensurate with those exposures. And for the companies that don’t recognize the importance of computer systems and security of data, their trading partners will recognize the importance of these issues and demand that their trading partners maintain sufficient (third-party) limits of insurance to protect their interests.”
“While some of our competitors are issuing policies that are 60, 80 or 100 pages, we’ve crafted a sleek, easy-to-read, 16-page policy form”
Nick EconomidisCrum & Forster
What is most important to brokers about
During the survey, IBA asked brokers to rank what is important for insurers to provide across 10 categories.
Economidis: “No one wants to find out that a loss isn’t covered.”
#2 Claims payment/processing
Economidis: “What good is great coverage if it isn’t coupled with good handling of a claim?”
Ingerslev: “Coverage and claim payments go hand in hand and that’s always going to be the number one reason companies buy cyber coverage and insurance in general.”
#3 Underwriting expertise
Economidis: “The underwriting process shouldn’t be a black box. Buyers should understand how their risk control efforts affect underwriting and pricing. Good underwriting management is the key to stability in terms and conditions from year to year.”
#4 Cyber response
Economidis: “At Crum & Forster, we’re strong believers that insureds don’t want to spend weeks and months dealing with the aftermath of a cyber event. What they want to do is go back to implementing their business plans.”
Ingerslev: “Breach response is another important one and it’s good to see that it’s number 4 on the list. This is an area where we’ve seen significant improvement with the establishment of in-house incident response teams among several insurers. That makes the experience at least somewhat less painful for insureds if they do encounter a cyberattack and ensures a consistent response by competent vendors.”
Economidis: “No two risks are the same. Good brokers work really hard to understand the unique needs of each client. Flexibility is another critical, and too often overlooked, attribute that is a hallmark of a great insurer.”
“As the risks evolve, so does the cyber insurance. It will take some time to reach some level of maturity, if ever”
Gerry GlombickiFitch Group