Visualize: Insights that power innovation

All about timing: The importance of discovery triggers in cyber insurance

By Caitlin Plunkett  |  April 23, 2018

Verisk Cyber Risk Solutions

Rising demand for cyber insurance among small and midsize enterprises (SMEs) will drive innovation in underwriting these policies. ISO’s commercial cyber insurance program—designed specifically for SMEs—includes a unique feature: a discovery trigger applicable to first- and third-party insuring agreements.

Strong growth seen in cyber risk market

In a recent report, Sizing the Standalone Commercial Cyber Insurance Market, ISO projects the take-up of cyber insurance among businesses with less than $250 million in annual revenue will increase to more than 325,000 businesses, with an estimated $2.72 billion in direct written premium by 2020. This is in comparison to the approximately 140,000 such businesses buying cyber coverage today.

Smaller businesses often operate with minimal resources, so they tend to have less sophisticated technology and lower IT budgets than the larger, more complex companies that historically have purchased cyber insurance. As a result, they need cyber coverage that is appropriate to the types of risks that affect their businesses and that is effective at the point in time when incidents are discovered.

Understanding cyber discovery triggers

A discovery trigger generally provides coverage with respect to incidents revealed during the policy period, even if the event occurred before the inception date. ISO’s program (currently available in 45 U.S. states and territories) is unique in that it offers a discovery trigger for both first- and third-party coverages—allowing for coverage with respect to an event the insured first discovers during the policy period, regardless of when the act or acts causing or contributing to the loss occurred.

The discovery trigger is important because of the time that can elapse between a cyber incident and its discovery. Statistics related to the discovery period vary. The Ponemon Institute, for example, found that in 2017, it took an organization an average of 191 days to learn that a data breach had occurred. This figure might be even higher for small businesses, because Ponemon attributes the decrease from an average discovery period of 201 days in 2016 to “investments in such enabling security technologies as security analytics, SIEM, enterprise wide encryption and threat intelligence sharing platforms”—solutions an SME with a smaller IT budget might not have access to.


Caitlin Plunkett is the cyber lead for Verisk's commercial lines coverage products. You can contact Caitlin at CPlunkett@verisk.com.