Global reinsurer PartnerRe has once again collaborated with Advisen to conduct a comprehensive market survey on trends that are shaping the cyber insurance marketplace. The survey is intended to give insurance providers and brokers additional insight into the demand and growth potential for data breach and privacy cyber insurance products in the US.
Without question, demand for cyber insurance products is increasing and the insurance market is responding by adding new capacity and coverage.
The cyber insurance marketplace has grown to over $2 billion in gross written premiums with industry prognosticators forecasting it to double by 2020. The number of carriers offering cyber insurance has increased following a spate of cyberattacks that have brought the potential and need for such insurance into sharper focus. These events have demonstrated that no one is immune to cyber risk—a term which continues to be shaped, debated and defined by each new cyberattack and subsequent testing of current policy language.
Therein lies the current dilemma. While the demand for cyber insurance products is arguably skyrocketing, the industry’s attempt to understand a consumer’s cyber risk profile and to profitably underwrite an insurance program is currently causing some confusion. Cyber risk is present for all, but different for all depending on a policyholder’s business type and size—among other factors.
According to survey respondents, the cyber insurance market is disjointed and muddled by an often complicated application process as well as inconsistent policy forms and pricing. PartnerRe supports clients that write cyber risk, and recognizes the challenges some face in this market due to lack of information. This survey developed by PartnerRe is meant to help and provide insurance clients and their brokers with a tool to make informed decisions regarding their cyber insurance portfolios.
In partnership with Advisen, PartnerRe conducted its second market survey in August 2015 of about 460 professionals in the cyber sector to ascertain not only demand for cyber insurance products, but also the challenges of meeting the demand with meaningful products.
We conducted this survey to establish:
Underwriters and agents/brokers (“brokers”) were asked questions specific to their areas of expertise, with additional questions aimed at the broker community. We had responses from 108 underwriters who write cyber insurance, and 250 brokers who sell cyber insurance.
About 50% of underwriters write cyber insurance on a primary basis only, and about 45% write both primary and excess business. Very few underwriters write excess only.
Underwriters noted that about 70% of the business comes from brokers/agents who specialize in cyber risk. The majority of brokers felt they were at least moderately knowledgeable in cyber risk.
For the bulk of this report we combined the responses from the underwriters and brokers who offer or sell cyber products.
This report is broken down as follows:
Just about every underwriter and broker responding to the survey this year said there had been at least some increase in the demand for cyber insurance products in 2015, with more than 60% of respondents seeing a “significant increase” in the demand for cyber insurance products.
“Those who are most exposed need [cyber insurance] now and are willing to buy it,” said one respondent. “In the next three years we will see the non-buyers convert at a faster clip.” This respondent added that brokers tend to focus selling efforts on risks resulting in the largest premium but that there are other opportunities downstream.
The carrier and broker perceptions of overall demand are both up when compared with last year’s survey tallies. One respondent commented: “Awareness is high, demand is high.” However, the same person added that the sheer number of cyber insurance market players makes it “impossible to keep up with the changes [in policy forms].”
Underwriters and brokers agree the greatest increase in demand is being seen in the healthcare industry. Retail and financial services also scored highly for an increased demand in cyber products. This continues to mirror our findings from last year.
We note growing demand from the education sector which ranked lower in 2014.
The news of retail attacks, as well as other high profile cyberattacks, such as the ones against healthcare, universities and the government, has been the greatest driver of demand, according to those who took the survey.
Underwriters and brokers generally felt the same way about all the drivers of demand, with one exception. Underwriters felt that the demand from the C-Suite was a much more significant driver for the product than did brokers, although almost all brokers noted there was heightened awareness at the C-Suite level. In any case, the “board or senior management demand” has become a much more important driver since last year.
Increased education and insurance requirements by a third party remain top drivers, as they were last year.
One respondent noted that it was the “risk mitigation services” that drove demand.
When asked to rank the factors in a client’s buying decision, “price” and “breadth of coverage/policy form” were by far the most important factors. The service vendors, claims reputation and carrier’s financial strength, played a smaller role.
Other factors that influence the buying decision were “relationship with carrier”, and “risk management services.” We intended for “service vendors” to include risk management services, but we will clarify that in next year’s survey.
In the commentary, several themes emerged when speaking of the buying decision. Respondents pointed out “underwriting expertise and experience” as well as “a quality broker who has the ability to compare these complex coverages and to explain them to the client in a way they can better understand.” Ease of doing business and in the application process were also cited as factors in the decision.
Respondents were asked to rank the demand for a number of different coverages currently available in the marketplace. Most coverages are seeing an increase in demand, with “cyber related business interruption” topping the chart – but not by much.
Insurers and brokers are seeing increases in demand for expenses related to regulatory defense. It makes sense for regulatory expenses to be top-of-mind for insureds. Headline- grabbing cyber breaches of private and public organizations are attracting attention of regulatory bodies, such as the US Federal Trade Commission, which recently received a favorable federal appeals court ruling regarding its authority to regulate corporate cybersecurity.
Interestingly, over 40% of brokers saw significant increases in demand for fraud related coverage – “funds transfer fraud” and “computer fraud,” which may indicate that insureds are starting to see themselves as more vulnerable to this type of exposure.
According to survey respondents, about 30 percent said insureds were “frequently” renewing cyber coverage at higher limits. About half said “sometimes.”
This result may be influenced by the industry segment handled by the carrier or broker. For example, retail or healthcare cyber policyholders may see the need for higher limits based on cyber losses of their peers.
For those broker respondents that place excess towers for this business, only a small percentage (3%) noted there was frequently a capacity shortage. However, 32% observed there was sometimes a capacity shortage. “Capacity is out there but certain risks are hard to place based upon the industry,” said one broker respondent.
Most carriers either sell a standalone policy, or both a standalone and an endorsement. Very few carriers offer an endorsement only. Brokers had a similar response.
The majority of endorsements were provided in conjunction with Errors & Omissions insurance and other professional lines of business, although we noted a significant number of other non-professional lines were also being endorsed.
When asked to predict on what basis there would be growth in cyber products, well over 80% of carriers and brokers said they expected the most growth to come from standalone policies.
We asked both brokers and underwriters about the biggest obstacles to selling cyber insurance. Due to a glitch in the survey, underwriters could select up to three options and brokers could only select one. Interestingly, when three options are available, underwriters’ top obstacles are “not understanding coverage,” “cost,” “not understanding exposures,” and “application process.”
For brokers, who could only pick one option, “not understanding exposure” was the greatest barrier to selling this coverage, followed by the “application process.” Here are the broker results:
When given the chance to comment, many respondents classified the cyber insurance market as “disjointed,” or “inconsistent” with a “very cumbersome” application process.
“Prospects often hold [off] completing the application process after seeing the in-depth questions,” noted one respondent. One broker wrote that the “cost and the extensive application process do create barriers for quick purchase of coverage.”
“Many insureds are intimidated by the applications and are hesitant to answer unclear questions or are concerned their answer could cause a denial of coverage or dramatically increase pricing.”
As one respondent noted, insureds may have “analysis paralysis!”
In addition to concerns over the application process, brokers said consistency in coverage and exclusions is also needed because cyber insurance is, “difficult to explain to clients and is complicated further with major inconsistency in the scope of coverage from one policy to another.” Another added that the “lack of consistency in coverage, terms and conditions among carriers creates misunderstanding by the insured on what ‘cyber’ means.”
Given all the confusion around policy forms, it is not surprising that when we asked brokers who placed primary coverage to tell us how many carriers they used, 77% used five carriers or less. Almost a third of those brokers only use one or two carriers. As one respondent noted “people buy/sell what they know and understand.”
When brokers were asked if they noted a difference in claims handling among carriers, 30% said “yes.” There was little commentary on claims handling practices, although one respondent noted that “claims handling [and] service vendors are intertwined” and this broker noted that they only use markets that are rated A or better.
When brokers were asked if pricing was becoming more consistent, 7% said “yes – frequently,” 54% said “yes – sometimes,” and 39% said “no – the market is very disjointed.” One respondent noted that “coverage terms are all over the board [with] no rhyme or reason regarding pricing.” Another notes that “as more and more carriers are entering this arena, brokers need to be very careful comparing quotes. Coverage is not created equally.”
When brokers and underwriters were asked if insureds were inquiring about cyber related bodily injury or property damage losses, 42% said that insureds sometimes asked (with a few noting that they were frequently asked by their insureds). One broker noted that “this is something that we do discuss with [our insureds] as well.” Another broker noted that it depended on the industry, and that “utility, energy, [and] manufacturing clients frequently inquire” about these types of cyber related exposures.
Of the very few respondents that currently did not sell/offer cyber coverage, the vast majority answered that they were planning to do so in the next three years. We asked this question to gauge market growth, but it appears that the coverage offering is widespread as almost all underwriters and brokers now offer the product.
With growth come some concerns. We did not address this in our survey, but one correspondent noted that “we are really concerned about potential for aggregation and accumulation of risk in cyber. There is significant potential for cat losses in the scale of property risk, i.e. through shared cloud services and data center or widespread cyberattack. Not sure market recognizes and can adequately model for this.” This is an area of increased interest, and while there are currently no robust models for cyber insurance, there are a number of companies that see the need and are working to develop tools.
Similar to our findings last year, media coverage of high profile cyber events drive the demand, although the influence of the C-Suite and the boards of directors are becoming much greater. This is not surprising given the impact cyber events can have on a company’s reputation, its bottom line, and on the personal accountability of members of management.
Carriers and brokers need to continue educating insureds on the evolving exposures in order to fuel growth. In addition, some standardization on coverage could go a long way towards reducing the confusion and uncertainty regarding existing policies.