After several years of competitive pricing and capacity expansion, cyber insurers appear to be reassessing coverage breadth.
Asked whether carriers are beginning to restrict coverage, panelists at Zywave’s Cyber Risk Insights con
ference in New York last month said there are some signs, especially when it comes to privacy coverage.
Beth Gidicsin, a regional cyber practice leader at Lockton, said many insurers are evaluating–with some taking action on–the expansion of privacy risk.
“Many cyber insurance carriers have broad privacy or affirmative wrongful-collection coverage,” she expla
ined. “But also many are continuing to start to say, ‘I don’t know
about this anymore. We need to start looking at this.’ Many are putting exclusions on the policies.”
She said some new policies have the exclusions, but clients can add the coverage back in “if [the carriers] are actually underwriting to it.”
Gidicsin said the shift is due to a rise in privacy litigation, driven by regulatory changes in the U.S. and abroad. Traditional cyber policies weren’t exactly built f
or these related losses. Coverage for privacy had been triggered by a data breach, with response to regulatory fines and p
enalties. But with evolving laws, there “doesn’t actually need to be a data breach-type event for privacy litigation to come after one of our companies.”
The broker said she continues to push for broad privacy coverage for clients since it is developing as a bigger
Watch More Image Part 2 >>>
risk for all industry classes, but she is doing so knowing that carriers will need to underwrite to a new understanding of the risk.
Gidicsin offered additional perspective on acquiring coverage for gaps from other product lines, such as pr
operty. A long-standing problem in the industry has been whether cyber-related property damage is covered by a cyb
er or property policy, but the industry is trying to innovate–possibly with a new product.
Beyond privacy, the market continues to try to innovate. Carriers are experimenting with AI-related endorse
ents and exploring solutions for cyber-triggered property damage. Busin
ess interruption has also come into focus with recent non-information-technology events related to system failure or dependent system failure.
“Is that enough in this environment with the cloud landscape and cloud dependencies?” Gidicsin asked.
David Derigiotis, who is focused on cyber and privacy as president of RT Specialty Detroit and EVP of ProExec Practice Group, said there is “room to negotiat
e and to have expansions of coverage where you need it.”
“Wrongful collection is a big one,” he said. “These policies are cyber and privacy. The privacy side is a very big deal.”
However, he added, coverage needs to be tailored to individual risk.
“You can’t give the broadest form, broadest coverage available to every single client every single
time. That’s when you’re going to open yourself up to serious issues. S
o, we’re very careful in how we are doing that, making sure the right coverages have the right partners,” Derigiotis said.
The product needs to be fit for purpose, agreed Lori Bailey, head of global cyber and technology at Axis, and the ind
ustry is adapting from a one-size-fits-all approach to coming up with different variations for different segments of the market.