Only a few years ago, cyber attacks simply weren’t on the radar of most businesses. However, a spate of high-profile attacks and the exponential growth of ransomware in recent years have demonstrated the need for cyber protection.
DJ Carlisle, underwriting manager, Northeast, for cyber and tech E&O at Tokio Marine HCC’s Cyber & Professional Lines Group, recently spoke with IBA about the growing need for cyber insurance. Carlisle said the growth of cyber crime has resulted in both higher demand for insurance coverage and greater pressure on insurers.
“Our submissions are up well over 100%, application and control requirements have gotten longer, and the underwriting process has become much stricter,” Carlisle said. “The entire chain, from risk manager to broker to underwriter, is under a lot more stress.”
Carlisle said that Tokio Marine HCC - Cyber & Professional Lines Group has taken steps to relieve some of those pressures.
“We have gone beyond just the traditional application underwriting questions,” he said. “We’ve brought in third-party vendors and invested in additional artificial intelligence and data scientist-type roles. We have also built our internal threat intelligence and breach response departments.”
While cyber insurance has seen increased demand, many businesses – often smaller organizations – still don’t have cyber coverage in place. That’s a misconception that brokers should nip in the bud with their customers, Carlisle said.
“I know a lot of brokers in our community have done a good job of trying to dispel the myth that cyber insurance policies are really only designed for large corporations or companies that handle a significant amount of private data,” he said.
Carlisle also highlighted the importance of companies keeping their own employees educated about cyber risk. Beyond education, he said companies needed to take proactive steps to protect their digital assets.
“It’s all about hardening their security posture,” he said. “It’s about investments – [implementing] access controls, endpoint protection, and should those things fail, [ensuring] backups are tested.”