The cyber insurance market is haphazardly morphing and hardening in the wake of some recent losses to create a challenging environment for brokers and buyers.
During a recent conference panel discussion, brokers Robert Parisi and Mary Guzman expressed their observations of a market in motion—one that “has hardened within the last 6 months to a year,” said Parisi, the national practice leader for tech, network risk and telecommunications for the FINPRO unit of Marsh.
He said clients who looked at, but didn’t buy, cyber insurance a year or two ago are expecting the same price for a policy. But it’s too late for that. Additionally, there are “only a limited number of markets (insurers)” to choose from, said Guzman, senior vice president and account director at McGriff Siebels & Williams, because some carriers have stopped writing cyber altogether or have restricted underwriting to industry classes with perceived less cyber risk.
While most insurance buyers who have participated in the market “recognize it’s a marketplace,” accounts are still difficult to manage, especially for clients who either want to buy more limits or are first-time buyers, Guzman added.
John Merchant, AVP of commercial E&O for Freedom Specialty Insurance Company, said building an insurance tower has also become challenging because it is not unusual to see several carriers pull out of a tower at renewal.
And those that remain in the cyber insurance game are being picky—about the industry class and about where they sit on the tower, according to Parisi. He said he looks at capacity charts to gauge the marketplace and plenty claim to write cyber but: “I go out with a financial institution [risk] and 12 [insurers] leave. I look for business interruption and 12 leave. Everyone wants to be in, but…”
Parisi expressed some frustration with insurers’ blanket exclusion of certain classes, such as retail. The marketplace declares “everyone is bad—they are all on the ‘floodplain.’ This is a distressed class.”
“Can there be good risk in a bad class?” he asked rhetorically.
Guzman said her experience dealing with the marketplace allows her to get a sense of which insurer is interested in each industry class, but sometimes there are only a handful for the primary layer.
“You get a feel for who wants to play where,” she said, and added that most want to be “just outside the ‘burn layer,’”
Interestingly, Guzman suggested more quota shares. She said she has organized a few such arrangements for clients. While these types of programs create efficiency and transparency, said Guzman, others said there was one concern: a lead carrier to handle claims when an incident occurs.
Another aspect of the cyber insurance is self-insured retentions. Guzman said they are up but voluntarily taking higher SIRs “almost never makes sense” because the reductions in policy price aren’t enough for the buying organization to assume more of the risk.
Merchant said sublimits are “going away for the most part,” hopefully. This would make building an insurance tower easier, without multiple sublimits with multiple attachment points.
Matt Prevost, national product line manager for network security, privacy and tech products for ACE USA, said sublimits are present for retailers with PCI exposure.
“Modeling business interruption remains the holy grail.” – Parisi
“Who cares?” – shared line from Parisi and Prevost regarding the size of the cyber market (projections typically fall in the $2-$2.75 billion range). The two execs said they are only concerned about growth, which is continuing.
“A typical underwriter. After he spills the water, he puts the cap on the bottle.” – Parisi to Merchant after Merchant spilled his bottle of water on the table.
“We’re paying, paying, paying. We’re paying what we are selling.” – Prevost. He was addressing the perception that insurers are denying many cyber claims.
“I want to know you bought what you could.” – Guzman playing the role of a shareholder.