Cyber insurance carriers are putting the squeeze on retailers following major data breaches
The cyber insurance marketplace is reacting to recent large cyber attacks with increased scrutiny and, for some, a reduction in limits.
For retailers especially, it is more difficult to put together a coverage tower because underwriters have lowered limits to about $5 million from about $10 million.
“It can be difficult to get to high amounts [of coverage],” said Anne Corona, US cyber practice leader for Aon Risk Services.
Tom Srail, technology, media, and telecom industry leader at Willis North America, added: “It has been a tough go for retailers.”
Srail said one carrier—one of the top 5 cyber insurers—involved in one of the recent major retail losses said it was no longer interested in being a participant in the coverage for the retailer, and “priced themselves out.”
“And we haven’t seen the end of this,” Srail continued. “There are still more [breaches] coming. The market is going to react.”
Following the large public breaches at retailers such as Target, Home Depot, Sally Beauty, Neiman Marcus, Michaels and others, renewal quotes of more than 10-20 percent “has not been unusual” for this industry, according to a blog by Willis.
“For some retailers, cyber insurance programs placed before 2014 may contain a combination of coverage and pricing that is no longer in line with current market appetites,” Willis warned. “Finding carriers willing to renew existing structures may prove challenging.”
Claims are being paid for first- and third-party losses. Even insurers who had agreed to light pricing at the top of the tower are reconsidering as the marketplace learns more about how quickly losses from a data breach can pile up.
“These carriers never thought losses would hit their layer,” said Matt Donovan, national underwriting leader for technology and privacy at Hiscox. “They are absolutely changing that perspective.”
Srail said a “small percentage of carriers are intensely restricting capacity and changing appetite,” but it is “not something we are not paying attention to.”
The industry category is simply being looked at differently. With the likes of Target and Home Depot involved in the two largest retail breaches of all time within the last year, a catastrophic loss scenario are easier to imagine.
“Right now, [retailers] are not being looked at in a good light,” Donovan said.
Still, sources said capacity of $300 million is possible. Competition can be leveraged to get better pricing, especially for smaller risks.
Still, sources said capacity of $300 million is possible. Competition can be leveraged to get better pricing, especially for smaller risks.
Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or [email protected].
