Jump to winners | Jump to methodology
Staying one step ahead of threats
Cybercrime has always been a serious problem – and it has worsened during the pandemic. In 2021, one in 10 firms reported being a victim of a cyberattack, according to a survey by the British Chamber of Commerce and the IT company Cisco. Insurance companies have stepped up to deliver outstanding coverage that helps protect companies from this contemporary threat. The 2022 IBUK 5-Star Cyber report recognises the 18 companies that have led this effort.
“Companies realised there was an overnight need for digital transformation and used advanced technology without having enough time to go through a proper due diligence process”
Andrea Garcia Beltrán, RSA
A different scenario
Andrea Garcia Beltrán, UK and international head of cyber underwriting at winning company RSA, says that the pandemic changed the threat and loss scenario dramatically.
“Companies realised there was an overnight need for digital transformation and used advanced technology without having enough time to go through a a proper due diligence process,” she says. “Robust resilience is normally at the heart of the change process and cyber criminals took advantage of this. Cyber criminals continue to evolve their techniques to be more efficient in their attacks.”
Loss scenarios now, she says, not only include data breaches but also business interruption, cyber extorsion, ransomware and supply chain/vendor attacks. These factors have led to greater risks, underwriting scrutiny and a hardening of the market.
Meanwhile, David Warr, portfolio manager for cyber at QBE, another winner, says mostly ransomware events have driven a significant correction over the past year.
“An increasing focus has been placed on specific cyber security risk management controls to try and ensure clients are best prepared to defend against ransomware threats but also respond to events when they do occur,” he says. “The loss ratios in the market have led to a retraction in capacity, and as the cost of claims has increased, so have retentions and premiums.”
Matt Drinkwater, cyber and financial lines underwriting manager at winning firm NMU, echoes Warr’s sentiment.
“I think it goes without saying that over the last 12 months, the cyber market’s certainly hardened both sharply and significantly, and that’s not just in terms of rate but also in terms of appetite, increases in deductible levels, as well as reductions in commissions,” he says. “Let’s not forget the change in the quality of baseline security standards which are now being required by insurers as well.”
“Preparedness is key to ensuring an adequate response to cyber events when they occur”
David Warr, QBE
What makes a winning product
What’s so special about the winners’ product offerings? As part of the survey process, brokers were asked how the nominees were performing in everything from first-party and third-party coverage to claims payment/processing and flexibility/customisation of polices to breach response and how companies educate brokers about their products. The winners reflected on a few of these areas and explained their strategies to meet brokers’ needs.
Drinkwater says that NMU’s CyberSafe product for SMEs “includes not just the required first party and third-party liability covers but also an extensive cybercrime section”. In claims payment/processing, he adds, NMU’s in-house claims team, together with the wider cyber claims team at parent company, Munich Re, and an award-winning breach response company called ReSecure, provide clients a first-class claims service to clients who have suffered a cyber security event. ReSecure provides an integrated breach response that leverages the expertise of legal advisors, cyber risk consultants, forensic scientists and crisis management solutions.
Garcia Beltrán and Warr reflected on the categories in general.
RSA assesses each risk on its own merits in line with the company’s underwriting guidelines and appetite, Garcia Beltrán says. “We are open, flexible and tailor policies if the cyber hygiene of a particular risk allows it. We have partnered with loss adjusters, Crawford, to be able to provide 24/7 claims and break response with access to specialists when and as needed.”
Warr adds that all of QBE’s clients have access to a 24/7 incident response team that is on hand to assist clients in the event of a cyber incident and help them through what is a difficult and stressful situation. “QBE’s coverage and risk appetite has remained consistent, and brokers and clients understand the product we provide,” he says.
“We are always carefully watching for both adaptations of existing cyber threats – for example, ransomware evolving into double extortion where there is a threat to publish exfiltrated data unless the ransom is paid and newly emerging vulnerabilities”
Matt Drinkwater, NMU
How do RSA, QBE and NMU intend to address new threats in the near future?
“Preparedness is key to ensuring an adequate response to cyber events when they occur,” says Warr. “Risk management tools are important, but these simply reduce the likelihood of an attack, so it is crucial to ensure firms are prepared and ready to respond when an event arises.”
Meanwhile, according to Garcia Beltrán, RSA is focused on empowering clients to implement minimum best practices in cybersecurity and data privacy protection and employ skilled workforces. She says that her company is closely monitoring the threat landscape and will be making necessary amendments as it reviews its guidelines.
“We do not have a specific mandate to adapt the coverage we provide. However, we might amend some conditions depending on the cyber-hygiene and risk presentation. We also started a project to update our wordings and risk management solutions,” she says.
Drinkwater says: “We are always carefully watching for both adaptations of existing cyber threats – for example, ransomware evolving into double extortion where there is a threat to publish exfiltrated data unless the ransom is paid – and newly emerging vulnerabilities.”
He emphasises that NMU’s response is grounded on the due diligence process that is performed on each risk. For example, NMU’s brokers are aware of the specific ransomware and denial-of-service questions that the company has developed and deployed to assess exposures, whilst keeping them relevant to the target audience.
According to Drinkwater, the cyber insurance sector needs to process the correction to coverage price and underwriting due diligence to ensure a sustainable cyber insurance market. At the same time, he says that NMU is “seeing an unprecedented demand for cyber cover in the UK as brokers begin to embrace the need for [it in] pretty much all of their client base, which is a massive shift from even just 12 months ago when only certain industries were really being catered for by a select few brokers”.
Meanwhile, Warr expects a continued focus on risk management in the next year. “While ransomware incidents are not disappearing, the wider supply chain threat needs to be considered and capacity is likely to further reduce as insurers seek to manage overall exposure to an aggregated event,” he says. Warr adds that liability exposures also need to be considered, and there will likely be an increase in litigation arising from data breaches.
Garcia Beltrán foresees more challenges for the insurance marketplace in the first half of 2022. “The cyber market will continue hardening as the associated claims cost is increased; how this is limited depends on the individual performance and reinsurance of a carrier, industry sector, risk appetite, and more importantly, proactive resilience strategy of the insured. The scale and level of sophistication of the cyber attacks we saw in 2021 will only continue to increase. The insurance market needs to respond with top-class expertise and a clearly defined risk appetite and strategy,” she says.
- Brit Insurance
- Celerity Pro
- CFC Underwriting
- Dual Corporate Risks
- Hartford Steam Boiler
- MPR Underwriting
- Pen Underwriting
- Zurich Insurance
Brokers were first quizzed on what features they thought were most important in a cyber insurance policy and then asked how the insurers they dealt with rated on those attributes. Insurers were measured on the strength of their relationships with brokers, ability to handle claims, underwriting expertise and, most importantly, the strength of the individual products they provide.