Insurer launches rare $100mn cyber policy with prevention services

Insurer launches rare $100mn cyber policy with prevention services | Insurance Business

Insurer launches rare $100mn cyber policy with prevention services
A leading insurance company is now offering cyber insurance policies providing up to $100 million in coverage, filling a void many have seen in the market for high-limit policies.

Sold through ACE Group, Global Cyber Facility comes with services from firms that help companies identify and correct cybersecurity vulnerabilities, including BitSight Technologies, FireEye Inc.’s Mandiant services group, Navigant Consulting Inc., NetDiligence, Promontory Financial Group and Verizon Communications.

 The partner firms are also helping ACE refine its underwriting for cyber policies – a process difficult for many insurers given the lack of historical loss data for the risk.

“There are no actuarial tables for cyber,” Karen Kukoda, partner alliance director with FireEye, told Reuters. “ACE is building us into their process to help assess risk for clients.”

The application process is reportedly intense. Agents with clients interested in the coverage must prepare companies for a heavily scrutinized underwriting process, including reviews of cyber security defenses, strategies for mitigating potential breaches, and post-breach response plans.

If deficiencies are detected, companies can still obtain coverage, but only after an on-site interview conducted by ACE. The insurer’s consulting firms will recommend solutions for any existing shortfalls, though clients need not implement those steps right away.

Instead, ACE will review those areas during renewal.

The new program promises to be lucrative for ACE, as the company expects higher premiums and profits by offering one of the highest limits for cyber risk in the admitted market. Existing policy limits have been easily exhausted by high-profile data breaches such as the 2013 Target cyber attack, which cost the company $252 million in expenses. Target’s policy covered just $90 million, leaving the company responsible for more than 64% of the cost.

Jack Elliott-Frey, a broker with Safeonline LLP, believes that as more businesses accept the costly reality of cyber risk, insurers will start offering higher limits.

"There is a clear picture being painted here: businesses are unaware of the cyber threat, which leads to low demand for cyber insurance, with insurers offering generalized, inadequate policies for the small number of businesses that are requesting them,” Elliott-Frey told Insurance Business America.

He added that underwriters also have a habit of "follow[ing] the actions of others," particularly in an emerging market such as cyber, which is still being offered only by a small pool of insurers.

ACE’s announcement comes on the heels of a report from Pricewaterhouse Coopers, which suggests the $2.5 billion cyber insurance industry will triple to $7.5 billion by 2020. Analysts warned that without necessary innovation in the insurance space, tech competitors like Google may step in to take over the market.