The cyber insurance marketplace is reacting to recent large cyber attacks with increased scrutiny and, for some, a reduction in limits.
For retailers especially, it is more difficult to put together a coverage tower because underwriters have lowered limits to about $5 million from about $10 million.
“It can be difficult to get to high amounts [of coverage],” said Anne Corona, US cyber practice leader for Aon Risk Services.
Tom Srail, technology, media, and telecom industry leader at Willis North America, added: “It has been a tough go for retailers.”
Srail said one carrier—one of the top 5 cyber insurers—involved in one of the recent major retail losses said it was no longer interested in being a participant in the coverage for the retailer, and “priced themselves out.”
“And we haven’t seen the end of this,” Srail continued. “There are still more [breaches] coming. The market is going to react.”
Following the large public breaches at retailers such as Target, Home Depot, Sally Beauty, Neiman Marcus, Michaels and others, renewal quotes of more than 10-20 percent “has not been unusual” for this industry, according to a blog by Willis.
“For some retailers, cyber insurance programs placed before 2014 may contain a combination of coverage and pricing that is no longer in line with current market appetites,” Willis warned. “Finding carriers willing to renew existing structures may prove challenging.”
Claims are being paid for first- and third-party losses. Even insurers who had agreed to light pricing at the top of the tower are reconsidering as the marketplace learns more about how quickly losses from a data breach can pile up.
“These carriers never thought losses would hit their layer,” said Matt Donovan, national underwriting leader for technology and privacy at Hiscox. “They are absolutely changing that perspective.”
Srail said a “small percentage of carriers are intensely restricting capacity and changing appetite,” but it is “not something we are not paying attention to.”
The industry category is simply being looked at differently. With the likes of Target and Home Depot involved in the two largest retail breaches of all time within the last year, a catastrophic loss scenario are easier to imagine.
“Right now, [retailers] are not being looked at in a good light,” Donovan said.
Still, sources said capacity of $300 million is possible. Competition can be leveraged to get better pricing, especially for smaller risks.
Still, sources said capacity of $300 million is possible. Competition can be leveraged to get better pricing, especially for smaller risks.