Insurance Against Cyber Attacks Gains Steam Alongside Rising Risk

(Page 2 of 2)

a large insurance carrier like AIG typically offers the first layer of insurance coverage, and a firm like Argo offers additional coverage that goes beyond the limit of the primary insurance. “By playing in the excess layer, you get to observe what’s going on while collecting the premium,” Kelly says.

Currently, Argo has more than 300 cyber policies with a limit of between $5 million and $10 million. About 20 percent of those provide primary insurance, a portion of business that Kelly says he expects to grow as the insurer gains more knowledge on the market through its underwriting activities. Companies seeking this kind of coverage are predominantly in the healthcare, financial services, and education sectors, he says.

(Argo, like many insurance companies, is based in Bermuda. About 20 percent of the insurer’s employees are in San Antonio.)

But even as attacks like WannaCry illustrate the havoc ransomware can wreak on business operations, half of U.S. companies don’t have cybersecurity insurance policies, according to a recent survey. (This, even though 61 percent of those companies expect cyber breaches to increase in the next year.) The survey, which was conducted by consultancy Ovum for FICO, a Silicon Valley analytics firm, found that only 16 percent of U.S. executives said their companies had cybersecurity insurance that covers all risks.

So why the disconnect? “Similar cyber insurance products offered by different providers often include alternative features, which makes it difficult for buyers to compare policies by value and price,” according to a report from Deloitte. “It’s often not clear to the buyer exactly what such coverages entail, and whether they are comprehensive in terms of the exposures they address,” the report states.

Kelly agreed that coverage is still evolving. He adds that he remembers when employment practices and liability insurance—covering sexual harassment, wrongful termination, and discrimination—was new in the early 1990s. That market developed, and this one will, too, he says.

“Insured [companies] have a tough time putting a value on a cyber policy,” Kelly says. “But cyber incidents are real risks and real losses have been incurred for data breaches and ransomware events.”

Single PageCurrently on Page: 1 2 previous page

Trending on Xconomy