It seems every few days there’s a new report of a data breach affecting a business or healthcare service provider we know. In a number of those cases, cyber insurance has helped the business recover from the incident — paying for investigating the breach, notifying affected customers, and making credit monitoring available to them. So why hasn’t the cyber insurance take-up rate been greater and become a staple of the insurance industry?
First, there’s the question of demand. According to a recent survey conducted by Hanover Research and sponsored by ISO, most companies today don’t see their lack of cyber coverage as a problem. The survey of insurance professionals found that among carriers offering cyber insurance, 40 percent say businesses don’t think they need cyber coverage and 29 percent say businesses believe they’re already covered under existing policies. Only 12 percent of insurers say the biggest challenge is that premiums are too high.
There’s also the question of supply. Only 46 percent of the insurers that responded to the survey currently offer cyber insurance. At a conference this fall, Ari Schwartz, the White House director of cybersecurity, indicated that insurers low take-up rate pertains to the absence of the actuarial data they need. That should change over time as data on cyber losses becomes more robust and insurers are able to make more informed decisions about cyber coverage. In fact, this year we formed a strategic collaboration with IDT911™ designed to help us better understand the cost of data breaches and provide a more complete picture of cyber risk.
There’s no question that we need to continue to educate business leaders about the exposures and costs they potentially face should they suffer a cyber attack. We also need to provide coverage options that meet the needs of policyholders. According to the recent survey commissioned by ISO, 92 percent of insurers providing cyber insurance offer optional cyber endorsements to existing insurance policies.
This year, we introduced optional cyber insurance endorsements for use with our Businessowners Program. Those endorsements will be available for insurer use in March 2015. We’re also working on cyber coverage for medical professional liability risks, which we hope to file with state insurance regulators next year. For what other insurance programs should we consider developing endorsements? What other products and services could help you offer cyber insurance coverage? Please contact me at sdougherty@iso.com or 201-469-2816 to let me know.