How brokers can help clients mitigate cyber costs in a hard market

How brokers can help clients mitigate cyber costs in a hard market | Insurance Business America

How brokers can help clients mitigate cyber costs in a hard market

This article was produced in partnership with AmTrust.

Bethan Moorcraft of Insurance Business sat down with Andrew Lipton, VP, head of cyber claims at AmTrust Financial Services, to discuss how brokers can help clients mitigate cyber costs in a hard market.

The cyber insurance market in the United States has hardened significantly over the past two years after a dramatic surge in both the frequency and severity of cyber losses, particularly those involving ransomware. In the 2022 renewal season, insurance brokers and their clients face considerable rate increases, capacity restrictions, higher self-insured retentions, ransomware sublimits, coinsurance agreements, and far stricter underwriting guidelines and risk management mandates.

While the hard market challenges are great, there are things that brokers can do to mitigate the rising costs of cyber risk for their clients, according to Andrew Lipton (pictured), VP, head of cyber claims, at AmTrust Financial Services.

First and foremost, it’s critical for businesses to purchase adequate cyber insurance policies. In the small business space, which is the core clientele of AmTrust, insureds have historically relied on their business owner’s policy (BOP) to secure basic cyber liability coverage. But as the cyber market has matured and the general understanding of cyber risk has increased, more and more insurers are excluding coverage for cyber risks from traditional, non-cyber policies.

“Cyber risk is ubiquitous, no matter what you do, so there’s always a need for coverage,” said Lipton. “But the more and more that small businesses look to those traditional policies like BOP policies to obtain coverage for cyber costs, the less and less receptive those carriers are going to be. So, you can either procure ready-made and targeted standalone cyber coverage from a carrier like AmTrust, or you can roll the dice and you might be left at the mercy of the courts to interpret your traditional insurance policies for cyber cover.”

Read next: Preparing for cyber insurance 2022 renewals

Beyond purchasing standalone cyber coverage, such as AmTrust’s recently launched cyber liability insurance product for small businesses, Lipton said there are two specific areas where brokers and agents could find savings for their clients in a hard market.

“As you’re procuring cyber insurance, it’s important to speak with the carrier about what their incident response and vendor panels look like,” he said. “Asking about the rates and understanding what the vendors are charging can help the insured make sure they are getting the most bang for their buck. Doing this will help the insured preserve as much of their cyber insurance limits as possible each policy year.”

Another thing Lipton encourages brokers and insureds to look for is whether or not carriers are offering any pre-claim post-bind services. This is something that AmTrust is focusing on as it expands its cyber product offering.

“The beauty of having a wide swath of vendors in these various spaces is that they’re all experts on cyber risk,” Lipton commented. “They’re able to identify certain vulnerabilities that an insured might have that maybe doesn’t get through the underwriting process. Before you purchase cyber, ask a carrier about what kind of services they offer to help with cyber hygiene. Everyone is interested in this – and often these services are free. Better cyber resilience and cyber hygiene means lower frequency and severity of claims.”

Read more: New tool reveals ransomware loss

That leads to Lipton’s final point, which is that insureds will struggle to get cyber insurance in a hard market without having adequate cyber security controls and risk mitigation measures in place. Furthermore, those with the best cyber hygiene are more likely to get coverage at a competitive price.

In the past 18-months, as cyber insurers have grappled with increases in frequency and severity of losses, mostly related to ransomware, multi-factor authentication (MFA) across the corporate network – and particularly for remote access to the network – has quickly become a minimum standard requirement for cyber insurance coverage. Another thing that insurers are very focused on is remote desktop protocol (RDP) port security. According to Lipton, closing RDP ports or securing them with the proper virtual personal network (VPN) protocol significantly reduces the potential of network breaches and malware attacks.

“The great thing about the cyber insurance industry, be it the purchaser, the carrier, the broker, or anyone else in between is that we’re all united in the same goal,” Lipton told Insurance Business. “We’re all trying to reduce frequency and severity of claims. It helps the carrier obviously, and it helps the purchaser too because fewer claims on their loss runs means better, more favorable rates during renewals. It’s something we’re all trying to figure out how to do together collaboratively.”