Canadian Underwriter

Cyber insurers’ appetites are shifting. Here’s what to expect…

November 21, 2022   by Alyssa DiSabatino

A man wearing a blue shirt sits with a laptop on his lap. On the screen is a padlock icon.

Print this page Share

Canada’s ongoing hard market in cyber has seen most insurers capping their coverage at somewhere between $3-million and $5-million, experts observed in a Gallagher Talks session.  

“We’re seeing exclusions for known [software] vulnerabilities [and] capacity restrictions as well,” said Paige Cheasley, team leader and account executive of the knowledge-based economy division at Gallagher GPL. “We used to be able to get maybe a $10-million option, and those are very hard to come by now. Most insurers have kept their appetite at about $5 million, some even as low as $3 million, and they don’t want to quote any higher than that.”  

Also, some market segment and revenue cost restrictions are in place. “For example, manufacturing over a certain revenue threshold, certain insurers may not want to quote that,” said Cheasley. “Each insurer has basically honed down their appetite to really what they only want to quote, just for their own comfort level.”

Premium changes can be expected at around 40-100% increase for above average (i.e. low risk) clients, and between 100-400% for below risk (i.e. high risk) clients, a Gallagher spokesperson explains.

This makes getting a quote more challenging for high hazard-industries, Cheasley said. “It’s not that they’re not insurable….It’s just more challenging. The insurers have less of a broad appetite.” 

Healthcare breach costs were around US$10 million in 2022; for cyber insurers, this has been the most expensive industry segment for 12 years running, according to Ponemon’s 2022 Cost of a Data Breach Report. 

Financial services are also a high-hazard, averaging US$5.97 million in cyber claims costs, followed by pharmaceuticals (US$5.01 million), technology (US$4.97 million) and energy (US$4.72 million). 

“Bear in mind, those high-hazard industries are different from one insurer to another,” said Peter Keryakes, assistant vice president of Eastern Canada and manager of North America financial lines at Chubb. “So, just taking for example, [for some insurers], there’s certainly no interest in [the] professional services or financial institutions. But for an organization such as Chubb, we’re really interested in those types of risks.” 

That said, clients generally face obstacles in getting cyber quotes and coverage. When it comes to purchasing decisions, over 70% of clients do not understand their exposures; and almost 60% do not understand their coverages. The cost of cyber coverage inhibits about 50% of clients, an Advisen Partner Re cyber study found.  

Clients also found the application process to be a major hurdle. 

“[You] have to remember the application is more of a generic form, and not necessarily industry-specific,” said Cheasley. “It’s yes and no answers often. So there’s a lot of grey zone or customization that might be needed from an individual company. I usually highly recommend to my clients that they add any kind of additional information in an annex or supporting documents to go with the application.” 

To get better results in the hard market, brokers should advise their clients to start the renewal process early.  

“It’s important that, on the clients’ [side], the right people are involved quickly — usually the IT team, in particular,” said Cheasley. “They need to understand we need to take the time to properly complete the application forms, and provide as much information as possible in a timely manner, because the underwriters require much more time as well to quote and at look at the account. 

“Another key thing to do would be to check with the insurer early about what their intentions are. Often the insurers are able to tell us early enough whether we should expect some capacity issues — so, reducing limits, higher deductibles, new exclusions, that sort of thing.” 

Clients should also implement insurer recommendations such as multi-factor authentication, employee training, backup procedures and more, so insurers perceive them to be low-risk.  


Feature image by