Insights into the state of the ever-changing Cyber Insurance Market

Today, Catherine Mulligan of Zurich North America will testify at the Senate Commerce Committee hearing, “Examining the Evolving Cyber Insurance Marketplace.” Mulligan, senior vice president of Zurich’s Management Solutions Group, will provide insights into the state of the ever-changing cyber insurance market.

Below are the key highlights from her testimony:

So-Called Cyber Insurance Is Quickly Becoming A Need For Commercial Customers

“I will dive into specifics later in my testimony, but overall here is how I see the market. Unsurprisingly, given recent high profile breaches, so-called cyber insurance is quickly becoming a need for commercial customers. However, as a new market it faces a couple of challenges. Some are simple, such as capacity and pricing, which are in flux as the industry grows and learns of new challenges.”

The Term Cyber Insurance Is A Misnomer That Hides The Complexity Of A Cyber Event For Customers And Insurers

“Yet, others reflect the complexity of the challenge. The term cyber insurance is a misnomer. A privacy and security event – the more accurate term of cyber insurance – can also be caused by something simple such as improper disposal of records. At the same time, one cyber event can trigger multiple types of claims, for multiple insureds within one company, and even cause physical damage to a manufacturer or utility.”

As A New Market, It Will Take Time Fully Mature

“The lesson can be boiled down to the simple fact that the scope of the challenge is too broad to be solved by the private sector alone. Not all losses from a cyber attack will be or even could be covered by an insurance policy. This market is new and evolving daily which will require time to fully mature.”

Five Facts To Know

  • The security and privacy insurance market has major growth potential—up to $10B Gross Written Premium, according to Dowling and Partners
  • While new, Security and Privacy insurance was first introduced about 15 years ago and has its roots in technology errors and omissions coverage
  • Four industries dominate buying: health care, financial institutions, technology, retail
  • Approximately 30 percent of breaches originate with a business partner or vendor, presenting challenges to underwriting the exposures and controls and to responding to breaches
  • A recent World Economic Forum report echoes Chairman Thune’s comments from the February 4th hearing on the NIST framework: “Real progress can be made by continuing to enhance public-private cooperation and improving cyber-threat information sharing.”