Although insurance companies continue to struggle accurately gauging organizations’ cyber risks, primarily due to a lack of actuarial data and risk aggregation, experts claim that cybersecurity rates for most sectors are increasing at a slower pace compared to 18 months ago. On the other hand, however, large companies in the retail, healthcare, financial and hospitality sectors are still seeing rates increase due to recent large-scale breaches in these sectors. “The market remains robust,” said Robert Parisi, managing director and national cyber risk product leader at Marsh L.L.C. in New York. After recovering from some large data breaches, insurers have “started to move forward,” and recent aggressive rate increases are “starting to moderate somewhat.” Parisi further explains that we have seen “a high degree of flexibility,” as insurers have begun to offer broad coverage levels “as long as applicants were able to provide appropriate underwriting information.” Additionally, Lauri Floresca, senior vice president and partner at Woodruff-Sawyer & Co. in San Francisco told Business Insurance, “We’re in an expanding period, We’ve seen a lot of capacity come in over the last 18 months, and while there was a bit of a hard market for the very large consumer-facing companies … most of that has played through the market right now.”
Experts estimate that the overall market capacity has reached around $4 billion which include policies from 65 to 70 insurers. Cyber insurers have also begun to aggressively target middle market companies with less than $1 billion in revenue, lacking significant amounts of personally identifiable data, according to Kevin Kalinic, Chicago-based global practice leader of cyber/network risk at Aon Risk Solutions. On the buyer side, Shawn Ram of Crystal & Company explains that companies are increasing focus on controls, protocols and procedures around cybersecurity issues as well as data breach response plans which increased insurers comfort level in underwriting cyber-risk. As underwriters begin to focus on technology and cybersecurity practices when writing policies, we can expect increased capacity as well as lower rates in the cyber insurance market.