At the 2015 Advisen Casualty Insights conference, a panel discussed cyber insurance in the casualty insurance industry. The panel consisted of Joe Cellura from Allied World, Ron Beiderman from ISO, Jerry Gallivan from Travelers, Josh Gold from the law firm Anderson Kill, and Michael Tanenbaum from ACE. In numerous surveys, risk managers have ranked cyber risk as their top concern.
Cyber claims take many forms, including online data breaches and the loss of a laptop or thumb drive. The panel stressed that, as an industry, we need to develop a common language when we talk about this issue to avoid confusion. Most think of cyber losses in terms of theft of information through hacking or a virus. However, the most common claims under a cyber policy are not related to hacking, but rather rogue employees, lost devices, or physical theft of information.
There is much confusion on what cyber events are covered under a standard CGL policy, if any. The standard GL product does not cover the theft of information from the insured, either through online hacking or theft of the data through other means. As the risks associated with cyber losses became more apparent over the years, the standard CGL policy has been continually modified to excude many types of cyber losses. This has created a need for a separate policy to cover the cyber risks.
When considering your cyber coverage needs, the first thing you need to do is map your data and know what information you have and where it is kept. Another item to consider is whether a standard cyber policy adequately protects you against all potential exposures. Other factors to contemplate include D&O coverage and bodily injury protections. The technology exists today to hack into something and potentially cause bodily injury. Most cyber policies exclude bodily injury. As the technology continues to evolve, it creates more and more potential perils that may or may not be covered under certain policies. To ensure all of these potential perils are covered, there is a need for interplay between multiple policies. One way to do this is to place all coverage through a single carrier because the carrier designs their policies to have distinctions between what is covered among them. When you involve multiple carriers, you lose the interplay between the policies that defines what is covered, so there could be gaps.
Today cyber is a $2 billion market and continues to grow rapidly. Many predict this will be a $5 billion market within five years.