Over the past two decades, the cyber insurance marketplace has evolved significantly, maturing into a space where multiple markets, from new entrants to dedicated cyber insurers, are offering coverage. In fact, the number of Lloyd’s of London-backed cyber markets alone currently exceeds 40. However, the availability of many types of coverage also creates challenges for insureds and brokers alike.
“Cyber policies are designed to guard against cybercrime and data breaches. In the interests of the consumer, policy wordings now provide broad cover above and beyond these exposures, which is great, but it’s not uncommon for these ‘extensions’ to be branded,” said Nathan Rose, senior underwriter in professional liability at Burns & Wilcox. “This makes it very difficult for brokers to draw comparisons between wordings.”
The pricing of cyber insurance has also become problematic since prices for the coverage are often driven more by market saturation, as opposed to being reflective of the actual exposures that companies face, noted Rose. And those exposures are growing – ransom demands have been climbing significantly over recent years and breaches, like the one experienced by Capital One in 2019 where millions of customers’ data in both the US and Canada was exposed, are becoming regular occurrences.
Alongside the rise in increasingly sophisticated and financially burdensome cyberattacks, regulators have become more active in protecting consumers’ data. Over recent years, most provinces in Canada, and countries around the world, have enacted breach notification laws. In Canada, this was recently harmonized across most of the country in the form of the PIPEDA regulations.
“Among other things, these regulations require businesses that lose sensitive personal data to provide written notification to all individuals potentially affected,” said Rose. “This provides a great level of accountability of those parties holding sensitive information, but, most importantly, a compulsory level of protection for consumers.”
Nonetheless, the increase in regulation around data breaches has now resulted in a spike of commercial insureds purchasing cyber coverage.
“On the SME side, we didn’t see the huge uptake that we were hoping for following the rollout of PIPEDA, despite almost six times the number of privacy breaches being reported to the Office of the Privacy Commissioner of Canada compared to the preceding period,” explained Rose. “With that
being said, demand is steadily increasing, driven very much by the broker fraternity driving awareness of the exposures and risks associated with cybersecurity. This is obviously a positive and much-needed step forward, as almost all organizations have a cyber exposure, irrespective of size.”
To help brokers in their quest to secure clients the correct cyber coverage, Burns & Wilcox has a cyber insurance solution on offer, and helps insureds wade through a saturated cyber insurance marketplace by drawing comparisons to competing quotes, among other strategies that ensure clients receive the cyber product that’s right for them.
“We’ve endeavored to promote a product which is as clear and succinct as possible, essentially using ‘clear policy language’ – a term that is fundamental in our industry, but sometimes lost,” explained Rose. “We also work closely with our strategic broker partners to help them through the underwriting process by explaining the coverage provided and giving relevant claim examples that they can use to educate clients on their cyber exposures.”
Rose added that it can still be a difficult process for brokers to educate companies about the extent of the cyber risks they face. However, by providing cyber quotes with industry and profession-specific claim examples, the Burns & Wilcox team helps to underscore the reality of insureds’ vulnerabilities. “We’ve found this supplements our broker’s expertise perfectly, and promotes good risk management,” noted Rose.