The content of the first cyber policies was completely different. In fact, they can hardly be compared to what insurers offer today. Moreover, in the early years there were two tendencies: there were property insurers offering solutions for cover against the company’s own claims, and liability insurers who focussed on third-party cyber claims.
In the years that followed insurers were increasingly offering both kinds of cover within the same policy. You could also see how other insurers expanded their traditional policies with aspects of this cyber policy. For example: various insurers offered ransomware cover within their kidnap and ransom policies. But they are now turning away from this practice. Two insurers have recently removed ransomware coverage from their kidnap and ransom policies. It is becoming standard practice to underwrite it within a cyber insurance policy. We also witnessed this ‘coming-and-going’ trend in property and fraud insurance. Insurable cover within a cyber policy was originally added to existing insurance solutions.
That such overlaps are now disappearing proves not only that cyber insurance has become a mature and independent product, but also that it is recognised as such. Cyber insurance has grown into a mature product in 2018. It is no longer a product on the fringes of existing insurance solutions, but a fully developed policy with three comprehensive elements: cover for a company’s own claims, cover for third-party claims and a helpline.
Vanbreda urges insurers to extend current cyber policy with new coverage. It is clear that this policy will also soon include invoice fraud risk coverage. It will no longer require a breach of the insured party’s system, something which is today crucial for triggering a cyber policy. A false invoice delivered via e-mail or an incidence of CEO fraud via e-mail can in future be covered as an option within the cyber policy.
A second change that will emerge is price-setting for policies. Considering the high number of claims that we identify these days and also the increasing severity of claims, it is clear that cyber policies will become more expensive. This is a logical principle in the world of insurance: insurers have to have sufficient resources available to be able to pay out on all claims. The correct balance between claim and premium is crucial here.
A third change that we expect is that insurers will become stricter about their conditions of acceptance and about the risks that they are prepared to cover. This is in order to keep cyber risk insurable. More stringent screening is also on the horizon. This will be made possible through the questionnaires they use, by organising acceptance visits to companies and through the use of so-called ‘underwriting tools’.
KOVRR and Fing are InsurTech start-ups. Both have developed an underwriting tool that permits a firm to be digitally examined from afar. What kind of reports are circulating about this firm on social media? What is the situation with regard to their IT maturity? Is their website adequately protected? Is their name circulating on the dark web?
Insurers will increasingly take into account such information when determining an appropriate rate and the associated conditions of acceptance. The tools will certainly help them get an idea of the risks that they are taking on. Finally, there is agreement in both the insurance and business sectors about one thing: this risk is increasing.
We are happy to prepare a bespoke proposal for cyber insurance that suits your firm. To make sure this insurance solution is a good fit, we would like to have a clear picture of how your firm currently protects itself against cyber crime. You can consult the questionnaire here. Please send the completed questionnaire to firstname.lastname@example.org so that we can provide you with a suitable proposal.