This article was produced in partnership with Tokio Marine HCC – Cyber & Professional Lines Group.
Bethan Moorcraft of Insurance Business sat down with Underwriting Director Kelsey French at Tokio Marine HCC – Cyber & Professional Lines Group, who manages Cyber and Tech Errors and Omissions (E&O) for the Midwest US, to discuss the state of the cyber insurance market heading into 2022.
The cyber insurance market in the United States has been highly volatile throughout 2021 due to an unprecedented level of dangerous and damaging cyberattacks launched against American companies.
Ransomware continues to be the most prominent cyber threat. In 2021, there was a significant uptick in the frequency, severity, and complexity of ransomware attacks, impacting businesses of all sizes and in all sectors. There has been no reprieve in ransomware activity throughout the year, suggesting that it will continue to be a prominent threat in 2022 as threat actors continue to exploit new vulnerabilities and attack vectors.
Facing such a dynamic threat landscape, the cyber insurance market tightened up significantly at the onset of 2021 with many carriers increasing rates, minimizing coverage, and limiting capacity for certain risks, according to cyber and tech errors & omissions (E&O) insurance expert Kelsey French (pictured), Underwriting Director for Tokio Marine HCC – Cyber & Professional Lines Group.
As the year progressed, it became clear that ransomware wasn’t subsiding and insurance cyber carriers started to change underwriting requirements and strategies, such as sub-limiting ransomware and applying co-insurance provisions so insureds would share in the risk. Throughout 2021, underwriters have also focused more on their insureds’ overall cybersecurity hygiene and the controls they’ve implemented to manage their risk.
“As we move into 2022, all of these underwriting considerations will continue. Carriers will likely confirm their appetite for certain risks and will clarify what coverage they intend to provide,” said French. “Cybersecurity controls will continue to be a huge factor as we assess and underwrite risks for 2022. We’ll be looking for more specifications and clarification from insureds on their deployment of those cybersecurity controls, how they’re maintaining them, and how they’re improving their cybersecurity hygiene.”
Cyber insurance is not a one-size-fits-all solution for commercial entities. One positive to come out of the past few challenging years is that carriers, brokers, and insureds have improved in their understanding of cyber risk, the importance of adequate risk mitigation controls and bespoke risk transfer solutions.
French commented: “With the recent headlines of ransomware attacking our infrastructure, we have seen a significant increase in awareness of the risks associated with ransomware, and this has led to a great interest in cyber insurance policies in 2021. Now, the focus going into 2022 is making sure that businesses have purchased adequate insurance to cover their overall exposure. Brokers continue to play an important role in consulting their policyholders on protecting their businesses with cyber insurance, but it’ll be important to focus on ensuring businesses have enough coverage to address the overall impacts of a cyber event.”
There are opportunities for growth in the cyber market in 2022, according to French, especially with insureds looking for a risk management partnership rather than just a risk transfer solution.
“Cyber insurance was once transactional, but when looking at client A versus client B, we’re focused on working with clients who want to continuously improve their cybersecurity posture and work with us to better themselves. We plan to continue forming strong partnerships with our insureds so that we can share our knowledge and educate our clients around what controls are important and how they can protect themselves. Those types of partnerships will hopefully gear towards greater profitability for the entire marketplace,” explained French.
While ransomware will likely remain the number one threat vector in 2022, French said it’s important for carriers, brokers, and insureds to be mindful of other existing and emerging threats such as cybercrime and wire transfer fraud, as well as ensuring compliance with applicable data security and privacy regulations. Ransomware is dominating in terms of frequency and severity of losses, but the build-up of claims in other areas of cyber coverage is also exacerbating the challenging market conditions.
French advised brokers to work far in advance of 2022 renewals if possible. She said: “Because the market is changing so rapidly, what underwriters require today might look completely different compared to what we may require in 30-days’ time. As such, it’s important for brokers to work with clients to ensure they have baseline standard controls like multi-factor authentication (MFA) in place, and that they get a high-level assessment of their client’s cybersecurity posture well in advance of their renewal.
“It’s also important for brokers to set the expectations with clients that carriers are going to require more information than prior years, including specifications and clarifications on the information submitted. That goes back to the importance of strong partnerships in the marketplace. We work alongside our brokers, and their clients so that we can make sure they are appropriately covered, and have the tools and information they need to become better cyber risks.”
Based out of Chicago, Illinois, Kelsey French is the Underwriting Director for Tokio Marine HCC – Cyber & Professional Lines Group which is part of the Tokio Marine HCC group of companies based in Houston, Texas, managing its cyber and tech errors & omissions (E&O) business for the Midwest United States. She provides underwriting and client support, offering a variety of insurance solutions that incorporate broad first- and third-party coverage for cyber, multimedia, and technology errors and omissions exposures. Kelsey holds a Bachelor of Science (B.S.) in Finance from the University of Kansas.