Cyber Insurance Today:
Lots of Interest, Lots of Product
Innovation, and Lots of Risk
Richard S. Betterley, CMC
Betterley Risk Consultants, Inc.
Sterling, MA
Independent Risk Management Consultants since 1932
Publishers of The Betterley Report at
www.betterley.com
A Cyber Risk Insurance Refresher:
What Does (or Should) it Cover?

Liability for loss of personally identifiable information






Not just electronic, but all types of data, including paper
Corporate information, not just individuals
All types of data, not just financial
Some cover loss of data when in the possession of a 3rd party, such as a vendor
Many think it covers all liability for all types of electronic activity, such as social
media; it doesn’t
Costs for responding to a data breach




Public relations response
Legal guidance
Victim notification
Credit monitoring
2
Coverage (cont’d.)

Fines and penalties






Defense costs
Consumer Redress funds
Civil money penalties (but not if unlawful to insure; look for most favored venue
language)
Penalties imposed by credit card issuing entities (Visa/MasterCard, etc.)
Typically sub limited
Value-added Services


Discounted response services
Network testing
3
Coverage Options

1st Party





Loss of Data
Business Interruption and Extra Expense
Cyber Extortion
Crisis Response Fund
Theft



Data
$$$
Products or Services
4

Media Liability


All media activities or just online media (including social
media)
Intellectual Property liability coverage:



Copyright infringement – can be included
Trade or Service Mark infringement – can be included
Patent Infringement – cannot be included in most forms
5
Notable Exclusions



Dishonest/Criminal/Intentional Acts (but severability
generally applies)
Contractual Liability
Data Outside of Your Network


This is in reference to cloud-type computing, which is
often insurable
Non-electronic data

Such as paper documents; generally insurable
6
U.S.-based Premium Volume
Estimated Premium Volume (GWP for U.S.-based Insureds
(mid-range estimate) (millions)
$3,000
$2,500
$2,000
$1,500
$1,000
$500
$0
2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015
7
Problem Areas

Serious concern whether underwriting and pricing
can keep up with the black hats





Active hostiles operating outside the law and largely
invisible
Extensive cooperative network to share and improve tools
Automated attacks
Rapidly evolving tools and techniques
National Actors as Hackers

When will the war exclusion be imposed?
8
Distribution Problems

Technology-oriented coverage is not well understood
by agents/brokers and insureds (and probably
consultants)



Confusion in the marketplace leading to bad buying
decisions – or no buying decision
Copycat carriers lack tools to understand and manage the
risk
Not enough knowledgeable underwriters and claims staff
9
Reinsurance Support is Needed

Higher limits are needed


Accumulation risk



Tough to assemble more than $300 million/insured
The cyber hurricane is only a matter of time
And it won’t be just one
The vendor risk

SMEs as the threat vector (i.e., Target)
10
Opportunity





Potential for rapid growth
Add-in for package policies and Management
Liability products
Declining cost of breach response services
Mandated coverage for vendors to larger
organizations (proof of insurance)
Ability to improve the risk by ‘loss prevention’
services
11
????

Can Cyber be written safely? Too much risk/too much demand

Which carrier will be the FM Global or Hartford Steam Boiler of
Cyber?

Can private insurers cover attacks by national actors and terrorists?

Will Cyber products be broadened to cover the real exposures?

Damage to reputation

Theft of IP

Theft
12
The Betterley Report

A series of 6 annual evaluations of specialty
commercial lines insurance products; including:







Technology E&O (February)
Intellectual Property and Media Liability (April)
Cyber/Privacy (June)
Private Company Management Liability (August)
Side A D&O (October)
EPLI (December)
For more information, go to www.betterley.com
13