Smaller Firms Showing Interest in Cyber Liability Coverage: Aspen’s Vitale

Cyber liability insurance isn’t just for large corporations anymore.

Demand for cyber liability insurance is now coming from middle-sized and small businesses, according to an insurance CEO who believes the market potential is tremendous.

“Now we see many, many what I would call medium-sized companies interested in or purchasing the coverage, and even the smaller risks are, too,” said Mario Vitale, CEO of specialty insurer Aspen Insurance Co., in a recent video interview with Wells Media Group at the Professional Liability Underwriting Society (PLUS) meeting in Las Vegas.

“What Aspen has done is evolve from just a large-account specialty cyber-risk provider to now middle-market and smaller risk, too. There, I think, the growth potential is almost unlimited.”

Market Research

Vitale’s experience tracks with others’ predictions and recent market research.

Lloyd’s of London CEO Inga Beale recently said she expects the market for cyber insurance to surge after hackers attacked JPMorgan Chase & Co. and Home Depot Inc. “It’s going to grow dramatically with all the high-profile hacking incidents,” she said in a Bloomberg TV interview.

A report by insurance broker Marsh this spring found a significant increase in interest for coverage and new business in 2013 continued and even accelerated in 2014.

Marsh has projected that the U.S cyber insurance market that generated $1 billion in gross written premiums last year could reach as much as $2 billion this year even as rates remain stable.

The rising interest in cyber risk by medium and smaller firms also tracks with their increased awareness of their own vulnerability.

Almost one-third of U.S. small businesses surveyed by the Ponemon Institute had a cyber attack in the previous year, according to a study sponsored by The Hartford Steam Boiler Inspection and Insurance Co. Nearly three-quarters of those businesses were not able to fully restore their company’s computer data. The study found many of the small employers suffered multiple breaches.

A recent Advisen report found that smaller companies are increasingly being targeted because they often have less sophisticated security and, in some cases, can act as a conduit to larger companies. Advisen found that while the smallest companies had previously viewed cyber risk less seriously than their largest counterparts, this gap is closing.

A more recent survey by Partner Re and Advisen this past August of 500 insurance carrier executives, brokers and risk managers found that the vast majority of respondents indicated some growth in demand for cyber liability. Respondents offered supporting commentary, saying they are observing that the sales cycle has shortened since two years ago and that instead of binding one out of every 10 quotes, they are now binding one out of every five.

Aspen Insurance has been insuring cyber liability for some time but the company is hardly alone today. The PartnerRe-Advisen report estimates there are 35 insurers writing cyber insurance as a stand-alone product in the United States, and many more are providing it as an endorsement. Vitale thinks the total number of insurers in the market could be as high as 75.

“[I]t was only 15 years ago when this particular product line really came into its own but there were very few buyers. Everybody talked about it, but there weren’t enough losses falling through to spur, if you will, client demand,” he said.

“Jump forward 15 years to today. All you have to do is open any newspaper, anywhere in the world, any day, and you hear about a cyber attack including, of course, what’s been happening with the large retailers like Target, which get access to millions of customers’ financial information. It’s really quite concerning. The demand is now really strong.”

Growing Risk

Vitale suggests that demand for protection will continue to grow because hackers are growing. This places more pressure on insurers to come up with solutions.

“[T]he hackers are getting more sophisticated. They’re getting better at what they do,” he said. Thus, he said, the insurance industry has to get better at both risk management and at creating products and services including for cyber-related business interruption, which he said is “probably the hardest to underwrite.”

“You have a brand reputation part of it, the restoration process, and of course, the next part of it is business interruption. As an industry, we’re still all struggling to put our arms around that and how we can find some creative solutions for our clients,” Vitale said.