A recent outlook from insurance brokerage Willis sees premiums for most types of commercial insurance declining in 2016. But in the wake of a string of breaches in which hackers exposed mountains of data at big companies, Willis said cyber premiums could rise as much as 15% next year. Companies that are seen as particularly vulnerable to breaches, such as retailers and health care providers, could see price hikes of up to 150%, Willis said, but noted that small companies should see smaller increases.
Plethora of Cyber Policies
Joshua Gold, a partner in the New York office of law firm Anderson Kill and chair of its Cyber Insurance Recovery Practice Group, suggested that companies shopping for cyber insurance shouldn’t make the cost of coverage their primary consideration.
“That old adage ‘You get what you pay for’ can absolutely be the case here,” said Gold. “This is not the area where I would make the price the determining factor.”
There are currently many insurers offering cyber coverage, and there is no standard cyber policy. That diversity means companies have to be careful “comparison shoppers,” he said, and it makes it important that they work with an experienced broker.
“Because there are over 65 different primary insurance policies in the market, there’s not much uniformity of product,” he said. “I would not use just an insurance broker who is a jack-of-all-trades; I would find a broker who specializes in this coverage and really is conversant in the terms and the details.
“The market right now is pretty negotiable on terms, but you have known what to ask for,” Gold added. “Lots and lots of insurance policy forms in the cyber marketplace I think do a poor job of being clear and certain in terms of what the coverage is. But if you have a good broker at your side, they can often get endorsements that these insurance companies will offer and put them on the policy to make the terms clearer and the coverage more certain and have a broader scope.”
For example, he said, if companies use cloud computing, they should be sure that their cyber insurance policy makes it clear that the coverage extends to breaches that occur on a third party’s network or servers.
“Another important example is, there are conditions sometimes that say something like ‘The policyholder will use, at all times, the best cutting-edge security and always be reasonable in the way that they handle their data,’” Gold said. “That kind of vague clause is very susceptible to a big coverage fight that will lead to litigation. Reasonableness and what’s cutting-edge at the time is very much a subjective analysis.”
To read the full article: Tough Market for Cyber Insurance