The Insuring Cyber Podcast: Returning to the Early Days of Cyber Coverage
With the sophistication of cyber attacks, claims growth, and now, a global pandemic driving a number of businesses toward remote work, it’s no question the cyber insurance industry has had to evolve rapidly since its onset.
Steve Robinson, National Cyber Practice leader for managing general agent and wholesale insurance broker Risk Placement Services (RPS), says one secret to tackling a growing number of challenges in cyber insurance could actually be a return, in part, to the industry’s early days.
“Nobody wants to say the “s” word these days, but sublimits – we’ve started to see it in measured amounts from certain insurers,” Robinson says in a recent episode of the Insuring Cyber Podcast. “I really believe that’s going to become the norm.”
He says this represents a return to cyber insurance’s beginnings when cyber extortion, the part of the policy that covers ransomware attacks, used to be offered at a $100,000 or a $250,000 sublimit.
“I think we’re going to start to see definitely…a return back to that model in order for insurers to be able to have this remain a viable coverage,” he says.
Like RPS, Beazley was an early player in the cyber insurance space.
“At the industry’s onset there, frankly, weren’t claims,” says Kirsten Dauphinais, head of US Cyber & Tech for specialist insurer Beazley. “It was a very new cover, so the claims data did not really present itself.”
Dauphinais says in the early days, cyber breaches could be as simple as somebody losing a laptop and information being stolen from it.
“The challenge that exists right now is that the ransomware events are much more frequent and much more severe and trigger so many different aspects of the policy,” she says.
Beazley initially entered the cyber insurance industry in 2005 with its InfoSec policy, Dauphinais says. It quickly learned, however, that a solution was needed for breach response so clients, particularly in the middle market and small to medium-sized enterprise sectors, felt more secure. It launched its Beazley Breach Response policy in 2009, which offered risk management services and support in addition to an in-house breach response team.
“What we learned through that process, what we’ve learned by having that connection with the clients, is just how overwhelming and stressful these events are and how much they need in terms of support and services and education and coaching through those events,” she says, adding that as the claims world has evolved, the coverage has also developed to meet insured needs.
Despite how much has changed since the beginnings of cyber insurance, Robinson says there’s still work to be done to increase buying, particularly among small businesses. “The unfortunate reality of cyber insurance, as I still believe, is that the take-up rate remains relatively low,” he says. “I would say less than half of small businesses still are not protecting as part of their strategy. They’re still not taking [cyber risk] seriously from a “do we need to buy the insurance?” standpoint.”
He goes on to explain that in the early stages of cyber coverage, industries such as manufacturing and construction, for example, weren’t considered big targets for breaches. At the time, he says breaches were primarily focused on theft of personally identifiable information like credit card and social security numbers.
“Over the last few years, that attack vector has changed greatly, and it’s now more about restriction of access to the network,” he says.
Adding to the challenge is that while a business can’t operate because its network is down, other expenses can mount, he says. “That’s been a big, big change….so good cyber coverage is going to be comprehensive, going beyond just online interference to areas like private data and communications in all of its formats,” he says.
To find out what else Kristen and Steve had to say, check out the latest Insuring Cyber Podcast episode, and be sure to check back for new episodes every other Wednesday published along with the Insuring Cyber newsletter.