Advisen

With cyber prices rising 300% or more, brokers face 'difficult yet important' conversations

By Erin Ayers, Advisen

Brokers face new challenges as cyber insurance premiums spiral higher, with rate increases reaching 300% or more, but they remain “optimistic and realistic” about the market, according to a report from Risk Placement Services (RPS).

The high prices and tougher underwriting standards mark a “necessary evolution” toward a more stable market in the future, according to Steve Robinson, RPS national cyber practice leader in the firm’s U.S. Cyber Market Outlook. Rather than a “breakdown,” the market is functioning as intended to align underwriting with the exposure.

“Rather than simply declining to write business in this challenging market, insurance companies need to become better at determining what a good risk is, and write that business,” said Dillon Behr, RPS area vice president. “Between premiums, sublimits and retentions, as well as a more thorough underwriting process involving network scans, insurance companies have a lot of levers to pull to profitably write this business.”

Upon renewal, brokers need to be ready to have a “difficult yet important conversation” with insureds on price, terms and conditions, and new requirements, according to the report.

One of the key challenges for brokers has been explaining shifting cybersecurity standards and IT infrastructure minimum requirements. Multi-factor authentication (MFA) is now a must-have, but RPS experts said insureds have been “surprisingly reluctant” to implement MFA. Some cite cost as a factor, or pushback from employees.

“In many cases, a bit of client education can help break down that resistance. That’s a conversation worth having as MFA is one of the most effective cybersecurity tools readily available,” RPS stated in its report, citing findings from Google that MFA can block 99% of non-targeted phishing attempts and 66% of targeted attacks.

However, even with the right controls in place, organizations are finding it next to impossible to secure their 2021 coverage at 2020 rates. Over the past year, reinsurance constraints and high losses prompted insurers to cut way back on capacity.

“This year, agents are scrambling to build towers that offer their customers the same limits of liability that they’ve had in previous years,” said April Solano, RPS area assistant vice president. “A $10 million tower built with five insurance companies in 2020, might now require 10 companies in 2021.”

RPS predicted that some of the changes may be here to stay, particularly ransomware sublimits.

“In many cases, the attackers are able to determine the ransomware limits in their victim’s cyber policy before they even make their demand. So lower ransomware sublimits may become viewed as a deterrent as well as a means of controlling loss ratios,” the broker said.

Editor Erin Ayers can be reached at erin.ayers@zywave.com