The Big Question: Are we at the dawn of fundamental change in the cyber insurance market?

The issue of cyber security is never far from the minds of governments, businesses and insurers. It has been fraught with issues for underwriters as the lack of historical claims data, and with it modelling has seen insurers adopt a very conservative approach to the risks. It has been a rocky road with the market badly hit pre-Covid with rising ransomware claims.

The increased use of artificial intelligence has heightened the risks as cyber criminals have exploited its use to increase the sophistication of attacks which has only driven the demand for insurance coverage.

Global governments have responded to the threats and this month the UK government announced the details of its new Cyber Security Bill, aimed  at protecting public services and safeguarding growth.

It will place a renewed onus on firms providing essential IT services to public services and the wider economy to ensure they are no longer an easy target for cyber criminals. 1,000 service providers will fall into scope of the measures expected to be introduced later this year.

This month Munich Re said it expects the global cyber insurance market to reach $16.3 billion in 2025. It said to date, the market has proven itself to be capable and efficient in sheltering those insured critical digital assets needed to run the daily operations of organisations of all types and sizes – from micro-, small- or medium-sized businesses to large corporate enterprises.

According to the reinsurer the global insurance industry can withstand multiple extreme cyber exposure scenarios, such as those that may arise from widespread malware attacks or large-scale outages of cloud service providers. Rapid, simultaneous risk changes due to technological, geopolitical and market-specific factors present insurers with both challenges and opportunities.

Brokers and businesses have long been concerned over the level of exposure limits in place on policies which left them facing the potential of huge liabilities if they fell victim to a significant cyber event.

Insurers have long sought to strike a balance between meeting the coverage needs of clients and exposure management, but the approach has remained conservative for many.

However cyber insurer CFC has said it has broken the chains that have held the market back with a new product that will mean the market is never likely to be the same again.

Ian Summers, Global Business Leader, AdvantageGo.

Global Head of Cyber at CFC, James Burns says the underwriter has long recognised the issues faced by brokers and clients when it comes to cyber cover.

He adds it is why the insurer has this month unveiled a new cyber product aimed at all businesses with revenues up to £250 million, and it is a product that lays bare the issues with the current cyber offerings.

Burns adds that the policy contains two world firsts aimed at delivering the broadest, clearest cyber coverage in the world, revolutionising what brokers and their clients should expect from a cyber insurance wording.

“Having pioneered the concept of turning cyber insurance on its head to deliver a proactive service rather than a reactive policy, we’ve spent the last five years not only strengthening this proposition but also listening to what our brokers and their clients tell us they need. The launch of our new Cyber Proactive Response product is the culmination of that effort,” says Burns.

In a ground breaking first for the cyber insurance market the policy ensures that policyholders not only have access to unlimited reinstatements but will be offered with zero excess. Burns adds policyholders also have the option to only pay one deductible, no matter how many cyber events clients face within the policy term.

“What this does is turn the insurance paradigm on its head by removing the cap on what CFC will pay, while implementing a cap on what clients will pay beyond their premium,” he continues.  

“It’s been the norm for cyber insurers to cap what they will pay by aggregating the limit available under the policy while uncapping what an insured might have to pay, by making the deductible applicable to every single claim,” explains Burns. “But in a world where it’s increasingly possible to suffer a cyber event multiple times throughout the life of a policy, we want to reverse that dynamic and remove the burden for insureds by capping the amount they will have to pay.”

He continues: “While including brand new elements of cover to now offer what we think is the broadest, most accessible cyber insurance policy available in the global market today, we recognise that fewer exclusions in a policy is equally important. While CFC has a track record of accepting 99% of all cyber claims, we want our clients to have complete confidence that we will be there for them at that critical moment when an incident strikes. CFC is on a mission to try and remove as many exclusions as possible from all our policies, and we’ve struck six from this new cyber product.”

Exclusions have long been a bug bear for brokers and clients when its comes to cyber cover. Much has been down to the lack of historical data.

However Burns adds: “We have been leveraging the vast amount of data which we have accumulated in over 20 years of writing the class. We have a huge volume of policyholders and it has allowed us to better factor in the required price into the coverage we can offer.”

Burns, “We’re reinventing cyber coverage by building proactive into the heart of the policy, introducing world first elements of cover and removing exclusions. It is a game-changer for the cyber insurance industry.”

He continues: “The biggest issue for us as an insurer is that we must make the products as broad as possible for clients. We believe this is a huge step forward in risk transfer for cyber insurers.

“The market needed in many ways to see its products flipped on its head. It comes as clients are making ever more efforts to manage their exposure to a cyber event.”

Burns added while CFC has taken a new approach to cyber risks its is a move which should create a debate within the market.

“Our aim is simply to create innovative solutions for our clients and this will change the status quo. Whether other markets look to change their approach is a question for them.

“However, we believe that the market was due for a change. Given the current risks that businesses face there is a real likelihood that they will face more then one event in the life of the policy. They need to be secure in the knowledge that cover will be reinstated and that they will not be asked to pay multiple deductibles.

“We believe this will change the market and its approach.”