Data security and privacy (cyber liability) insurance has become one of the hottest topics for the insurance industry and an area of growth for an industry emerging from a soft market. While data and privacy breaches continue to make big headlines, related insurance losses have generally been favorable, and carriers have been placing an increasing amount of cyber liability coverage. Many view the growth of cyber liability insurance as a positive for the insurance industry, but there is a significant issue lurking behind the scenes that may not be properly addressed by the industry: aggregationExecutive Summary Many view the growth of cyber liability insurance as a positive for the insurance industry, but there is a significant issue lurking behind the scenes that may not be properly addressed by the industry: aggregation.
When carriers write property insurance, they are careful to prevent excessive aggregation exposure from a single catastrophic event. Through underwriting and transference, carriers are diligent in preventing too much capital from being exposed to a single loss event.
This same diligence is generally not applied toward data security and privacy insurance. The concept of aggregation is rarely mentioned among cyber liability underwriters, and even when it is discussed, the general consensus is there is not enough solid information to identify, let alone manage, the aggregation exposure.