I am a sucker for the new and novel. I think start-ups are cool, I embrace change and look for new frontiers. When I saw that Cyber insurance wasn’t regularly utilized in insurance I was ready to plant my flag. Like my friend Nick Lamparelli would say, Cyber is like fire insurance, except the Cyber risk is all around you, and getting better every day.
In this article I will breakdown what I know about Cyber insurance and what I am looking to learn. I will plan on writing follow-up articles on specific Cyber policies and Cyber related news. Thanks to my friend Nick, again, I am even kicking around making some Cyber insurance videos on YouTube.
Cyber insurance was first sold in the 90s, hit a relative high in the early 2000s, but shrank again after the .com bust (thank you Wikipedia). Today the market is 2 Billion dollars and it’s expected to grow to 20 billion dollars by 2025 (again, thank you Wikipedia). 90% of the Cyber market is currently in the US.
There are Cyber insurance policies written on Standard paper (standardized insurance coverages), and then there are policies written on Non-Standard paper (they have greater flexibility). Nearly all competitive policies include some sort of 3rd-help assistance in times of crisis, data breach, cyber extortion, etc. Most include assistance in restoration of first and third party claims (your company’s damages versus your consumers damages).
Claims can often be made for data breaches, data exposure, phishing, hardware breakdown, business interruption, hacking – the list goes on. The coverages and limits are usually very similar to what you’d see in a General Liability policy, but they are all based on Cyber exposures which are largely excluded on a standard GL policies. GL policies may have $25,000 for Cyber or data issues, whereas Cyber policies will have million dollars-plus of coverage and be a lot broader in what they’ll cover. For perspective, Cyber losses can regularly be in the hundreds of thousands of dollars.
Where the policies can get interesting and different are the preventive services offered. Most just want to make sure you have firewalls, antivirus and your files backed up, that’s just good housekeeping these days. Some policies will do a network test for you (Corvus) looking for vulnerabilities, others will do fake phishing tests (Paladin) to see how aware your employees are. I think these added options are pretty cool. Some policies have very wide coverage, like if Amazon Web Services goes down. If Amazon Web Services goes down I think we have bigger issues to contend with. You have to read between the lines and see what coverages make sense.
I want to learn the mechanics of a modern office better, what are the external network vulnerabilities and what are the internal network vulnerabilities. I want to learn the value of encryption and two step authentications. I want to see what an internal “security system” for your network would be. I know there’s a lot you can do to keep data safe, I want to see what reasonable Cyber security steps are and what may be overkill. The crazy thing about Cyber is you can take all the steps in the world, but you still can’t guarantee no losses.
Also, I know that Cyber Insurance not a perfect market right now. There isn’t as substantive data on Cyber risk are there are on others risks, GL, WC, etc., because it’s hard to know what the losses truly are. A lot of Cyber issues go unreported due to the fear of negative press. It may actually be an ideal time to get Cyber in place because as the market matures the rates may go up when we have a better sense of the risk.
In future articles and videos, I will review specific company offerings, and offer basic housekeeping tips. I will be learning as we go on this. I am far from an expert, but I think to be a responsible commercial insurance agent going forward I am going to have to be savvy in the Cyber insurance market to help properly protect my clients.
When you think of all the individual exposures we have, then you look at industries like medical devices and Target being hacked, it’s amazing that we still have to prove that a Cyber insurance conversation has merit. In any case, I’ll try to bring you the most up to date info on Cyber insurance, and I’ll look to deliver it in a digestible manor. Thanks for your time!
And thank you my friend Ben [Binyamin] Guttman,CPIA,PLCS,cyRM for proving this article, just to show how real Cyber threats can be, here’s an article about a fake vendor phishing the DC government for $700,000:
In related news, Blackberry bought the Irvine based Cyber Security firm Cylance for four Billion dollars. Cylance has software to help prevent Cyber attacks, the size of that acquisition shows the value Blackberry is seeing on Cyber security tech going forward.
Cylance already had $130,000,000 in revenue last year. With that kind of money going into preventive measures, it only makes sense that that reactive measure (Cyber Insurance) will grow too. Cylnce was purchased for 75% of the Cyber insurance market cap. Here’s a story on the acquisition:
Please message me below, please reach-out if you have any questions about Cyber insurance or want to get into a conversation. I am far from an expert, just somebody excited to learn about the Cyber Insurance field and looking to add value to the greater insurance conversation.
All the best,
- Broker Brett
PS: Please feel free to pitch ideas for future products to review, ideas to explore, or places where you see gaps in the cyber insurance marketplace.