From: PropertyCasualty360.com
By Michael P. Voelker
Cyber insurance maintained its double-digit premium-volume growth in 2012, with capacity high, pricing competitive and buyers increasingly willing to pull the trigger on both third- and first-party coverage. Thanks to a proliferation of data breaches, an ever-increasing number of regulations around the protection of private information, and the growing availability and awareness of Cyber insurance, business is booming in this marketplace.
“It is big, and it’s growing,” says Rick Betterley, president of Betterley Risk Consultants.
How big? Standalone Cyber insurance is now a $1 billion market, according to Betterley’s 2012 Cyber/Privacy Insurance Market Survey, up 25 percent from $800 million in 2011. That still makes Cyber a small fraction of the total U.S. P&C marketplace; however, it does put the coverage in line with the $1.4 billion Employment Practices Liability insurance (EPLI) market—even though Cyber has been around only half as long.
“There is definitely a heightened awareness of the coverage today,” says Florence Levy, national practice leader with Aon Risk Solutions’ Cyber risk practice. Aon’s Cyber business grew about 30 percent over the past year by number of policies. Thomas Herendeen, vice president of underwriting at Philadelphia Insurance Cos., reports a 20-percent growth in the company’s Cyber customer base.
“More clients are looking, and we are seeing greater seriousness to their research,” says Robert Parisi, network security and privacy practice leader for Marsh. “Most of the accounts we take into the process of quoting are buying the coverage. Our book is growing commensurate with that activity.”
Betterley’s survey found a wide range of total premium among Cyber writers. Two carriers reported more than $50 million in premium; others were in the $10-$25 million range; most markets were under $5 million.
Business spans the spectrum of exposure, from high-risk financial institutions and health-care businesses to retail and manufacturing. Chubb won’t talk about actual premium volumes in its CyberSecurity product line, but Vice President Ken Goldstein says that account classes have been “across the gamut,” with average policy limits of $1-$5 million.
CLAIMS COME TO LIGHT
Although many headlines have been written about data breaches, much less has been publicized about the claims that carriers have actually paid. Here’s what we do know.
Cyber-risk management specialist NetDiligence in October 2012 published its second annual study of actual payouts reported by major underwriters of Cyber insurance for data breaches based on claims made between 2009 and 2011.
The study found that personal identification information (PII) was the most typically exposed data type, followed by private health information (PHI). The average claim per breach was $3.7 million; however, large claims of up to $76 million skewed the average. The typical loss cost insurers about $200,000. Third-party damages represented the single largest component of claims.
These third-party damages can stem from the direct financial loss suffered by victims of a data breach. “We had a client where a hacker got access to prepaid debit cards and increased the value from a small amount to a significant amount, then sold access to those card [numbers]. That was a significant loss over a two-day period—a policy-limit loss,” explains Peter Foster, executive vice president of Willis Group’s FINEX North America division.
Leave a Reply