In today’s rapidly changing insurance landscape, brokers are grappling with increasingly complex challenges, particularly in the realm of cyber insurance.
As cyber threats evolve and businesses become more vulnerable to attacks that can disrupt operations, damage reputations, and deplete financial resources, it is crucial for brokers to go beyond the basics. They must dive deep into policy forms to effectively protect their clients.
Highlighting findings from his firm’s recent State of the Market Report: A Focus on Cyber, Matt Donovan (pictured above), executive vice president at Amwins, emphasized how the cyber insurance industry has softened in recent years, reflecting newly expanded coverages within a competitive landscape.
Emerging from a hard market cycle, where insurers tightened terms to minimize aggregated losses, this year's marketspace has seen both coverage enhancements and a reintroduction of exclusions.
"Earlier in my career, some markets had broad wild virus exclusions, but competition eventually pushed those out," Donovan recalled. "We are now seeing similar concepts pushed under the guise of widespread/catastrophic event exclusions, expanded infrastructure interruption and war exclusions. Those restrictions are easy to overlook, but can be a real issue in the event of a common vulnerability being exploited.”
Donovan also noted that coverage for dependent business interruption events - extending beyond just an insured’s IT service providers - has become more widely available, as defending against supply chain attacks is an increasingly critical concern for businesses across all sectors.
Providing an example to illustrate how the market has adapted, Donovan shared: “If a ransomware event hits automated machinery in a sawmill and they can’t deliver products to your manufacturing operations, you can now get coverage for these cyber perils affecting your dependent providers.”
Significant cyber incidents, like the disruptions experienced by Change Healthcare, highlight the critical importance of contingent business interruption coverage. In this case, system outages led to substantial delays in payment processing for numerous healthcare providers, with estimates of data breach costs reaching $1 billion.
This situation underscores the necessity for businesses to ensure they have robust coverage that protects against disruptions not only within their own operations but also from cyber incidents affecting their third-party vendors.
With direct written premiums for cyber insurance projected to reach $23 billion globally by 2025, and US businesses expected to account for about 56% of this total, the market is witnessing an influx of new players entering niche specialties to tackle emerging risks.
This growth has led to significant variability in market offerings, underscoring the critical need for brokers to read the fine print. “Policy forms are not at parity at all,” warned Donovan. “There are vulnerabilities for insureds in not catching new exclusions.”
“When comparing declarations pages to online portals, everything may appear to be apples to apples. However, there can be exclusions buried deep within the policy form that weren’t noted or that clients weren’t aware of when they purchased the coverage,” he continued.
While online services promote streamlined download connections, providing a simplified view of policy options with a focus on key details like coverage limits and premium costs, they can obscure important exclusions and nuanced terms buried deeper within the policy language.
As the industry increasingly shifts to digital delivery of policies, it’s essential for brokers to bridge any existing information gaps with clients. They must pay close attention and thoroughly examine the fine print to ensure comprehensive coverage.
“Brokers need to spend time reading the policies, getting into the weeds, and really take it beyond the declarations checklist that they show to their clients,” advised Donovan.