More buyers, new products and more diverse coverage are transforming the cyber risk insurance market

Paul bantick

The insurance market for cyber risks is changing fast to keep pace with the risk landscape, according to Beazley’s Paul Bantick (pictured).

The market is fast evolving beyond its origins in the US data breach market – within which Beazley took an early lead to carved out its place as the leading Lloyd’s underwriter of cyber premium.

“It’s been a transformational six months for cyber,” Bantick, who is Beazley’s team leader for its technology, media and business services underwriting, told StrategicRisk.

More risk managers beyond the US – and particularly in Europe – are buying data breach covers, he noted, particularly among retailers, banks and financial services firms. Some of this is being driven by the EU’s incoming General Data Protection Regulation, enforceable from May next year.

Attacks are becoming “more malicious”, Bantick suggested, aiming to not just to steal and defraud but to disrupt and cause maximum damage to targeted organisations. “That’s making it very expensive, and targeting entities that don’t necessarily have data breach exposures,” Bantick said.

This is bringing new buyers to the cyber market, he suggested, such as manufacturers, critical infrastructure, and energy utilities. These buyers are more concerned with “material downtime and business interruption” rather than a data breach and stolen information.

“Look at market since 2009 and it’s probably been 90% focused on data breach,” said Bantick. “There’s still a strong demand for those products, and by some estimations the market has grown to as much as $4bn now.”

However, the market is responding to the new buyers seeking cyber covers for different reasons. “They didn’t buy a cyber product before because there wasn’t one fit for their purposes. Now products are available for that,” said Bantick.

He pointed to Beazley’s “Vector” strategic partnership with Munich Re as a venture designed to allow a broader suite of cyber covers beyond the core data breach products pioneered by Beazley. The new covers are also bigger, not the $10-20m limits of old but $100m layers of insurance.

“It gives us more of a holistic approach. That’s driving a lot of demand right now. We’ve seen a big increase in client interest,” said Bantick.

He gave an indication of the breadth of risks now being considered. “Clients are considering business interruption, contingent business interruption, regulatory and other privacy liability covers. A lot are also looking at the potential for property damage caused by a cyber breach, or a breach that could cause pollution.”

More purchases are occurring because the issues have become so much more high profile, meaning boards are starting to ask more questions about the risks and what security or risk transfer is in place. This summer saw the forced exit of Equifax CEO Rick Smith, following a cyber hack at that firm.

Bantick described board-level interest as a “major driver” for purchases. “They read the newspapers; they see the big events,” he added.