Some major industry players have launched new policies designed to address growing need and demand for cyber insurance.
Marsh, the global brokerage unit of Marsh & McClennan Cos., recently unveiled a cyber insurance policy targeted to large companies that want to better manage the issue of cyber-related data disruption or unexpected technology outage. Aon Benfield, the global reinsurance intermediary and capital advisory of Aon plc, said it has secured reinsurance capacity for new cyber coverage developed by the Lloyds syndicate of mutual energy insurer AEGIS London.
The launch of both products comes as the risk of cyber attacks and business disruptions has increasingly come into play for everything from the energy industry to retail, striking giants in the latter space including Target and Home Depot. Underscoring the sense of urgency, the U.S. Senate Intelligence Committee considered a bill earlier this summer designed to encourage companies to exchange information on hacking attempts and cyber security threats with the government.
With that backdrop, insurers are increasingly developing new coverage in the space, because they see a gap between need and coverage options that could help businesses and others handle ever-evolving cyber disruption risks.
“There is a growing recognition that traditional property/casualty carriers are taking a very express position on new placements—basically that cyber risk isn’t covered; whereas in the past, policyholders may have relied upon manuscripted wordings granting coverage/removing exclusions or the more ambiguous “silence” as to the specific risks,” Bob Parisi, Marsh’s network security and privacy practice leader, told Carrier Management via email. “There is also a growing awareness of the full spectrum of cyber risks and perils.”
In Marsh’s case, the new policy is known as Cyber–CAT. It is underwritten “by leadering cyber insurers” with limits of more than $300 million in coverage above a minimum $100 million self-insured retention. Marsh said that the policy, in addition to higher capacity, offers coverage “over and above” what standard cyber insurance policies provide right now, including physical property damage due to a system failure. Marsh touted the policy as something that clients can customize to include coverages such as privacy and security liability, information assets, business interruption coverage (including extra expense), cyber extortion, criminal reward fund, and crisis/event management.
Parisi explained to Carrier Management that the new policy came to be because “the current cyber market was not adequately addressing the needs of a certain segment of potential buyers, that segment being large organizations that viewed their cyber risk as purely catastrophic and wanted (a) large limits programs (b) the flexibility to manage their risk–through a large deductible …. and (c) broad coverage wording that more adequately addresses the full spectrum of cyber-related risks.”
Parisi said that property damage caused by cyber perils isn’t covered under a typical cyber policy, and is usually excluded from traditional property/casualty forms. As well, he said, “the ability to gather truly significant insurance capacity in support of a broad cyber policy, in excess of $200 million-$300 million, has been problematic.”
The Aon Benfield/AEGIS London policy provides comprehensive cyber risk management service, including risk and maturity assessments to help reduce future cyber loss risks. As well, policyholders can tap into “incident response teams” if they face any kind of cyber reach, according to the release.
As well, AEGIS policyholders can separately reinsure their cyber exposures with a number of reinsurers. This is a big change, Aon Benfield said in its announcement, because cyber exposures have traditionally been included within property/casualty and other lines of reinsurance cover. Doing it that way, however, can make the level and scope of coverage a challenge to ascertain, the company said. The AEGIS London facility will provide “holistic cover against cyber losses” including operational informational technology breaches, according to the announcement. The announcement argued that this approach is “needed to deal with emerging cyber threats and exposures” in manufacturing, marine, aviation and other “critical infrastructure industries.”
“Our aim with this cyber product is both to highlight the potential for cyber losses in the market, and to provide a comprehensive, standalone coverage for those exposures,” Rick Welsh, head of cyber insurance at AEGIS London, said in a statement. “This allows insurers and reinsurers to better evaluate their cyber risks.”
Tom Wakefield and Jerry Blake, cyber experts and members of Aon Benfield’s Global ReSpecialty Composite team, said in a statement that working with AEGIS London has helped “bridge a gap in the cyber sector by sourcing the high quality reinsurance capacity required to bring this product to market.”