September 25, 2015 by Canadian Underwriter
ACE Group has announced the launch of its Global Cyber Facility, providing up to US$100 million of primary capacity.
To meet growing demand, ACE announced the facility, “which goes beyond standard risk transfer by incorporating a comprehensive risk management solution into a single policy purchase,” the multiline property and casualty insurer said in a press release on Thursday.
ACE noted that as the number of highly publicized cyberattacks has increased in recent years, the demand for cyber security insurance has escalated rapidly, with industry analysts forecasting a growth of 150% in the next five years. “However, large corporations are finding it increasingly difficult to secure the cyber security insurance protection they need,” ACE said.
In addition to providing up to US$100 million of primary capacity, the facility “incorporates integrated loss control services provided by industry-leading cyber security experts, a proprietary application process designed to assess an organization’s current risk profile, a specialized policy form, comprehensive claims management, and ongoing, detailed analysis to help organizations detect potential weaknesses that could give rise to future cyberattacks — all within a single policy purchase and backed by the financial strength of ACE’s A++ balance sheet.”
ACE calls the solution the first of its kind in the industry that is “available to eligible companies worldwide.” An ACE spokesperson told Canadian Underwriter that the “facility is available in Canada. It’s designed for large companies that are seeking significant cyber insurance capacity paired with robust loss control services to improve the organization’s cyber risk posture.”
Key features of the facility include the following:
• Increased primary capacity to meet the needs of large insureds, with up to $100 million per insured for qualifying risks globally;
• ACE will act as the single point of contact for all global cyber facility components including underwriting each risk, evidencing global coverage, managing the claims process, and coordinating loss control services both pre- and post incident;
• The integrated loss control service offering includes the following:
• Core Security Defence, which incorporates a review of the implementation of and compliance with industry standard security controls for protecting information;
• Enterprise Risk Management, which measures the completeness of vision and cultural awareness of information security and privacy at the Board level;
• Incident Response Capabilities, which measures the detection and response capabilities in the event of a network security or confidential data compromise;
• Business Interruption Calculation, which calculates the financial outcome based on the organization’s ability to withstand and recover from interruptions in network operations.
• Data Analytics and Industry Metrics, which provides an “outside looking in” perspective on cyberattacks. Provided on an ongoing basis throughout the life of the policy, this analysis combines data from multiple vendors with ACE’s own proprietary claims data, giving insureds insight into current threats that could lead to a compromise of the network or a data breach.
“These five pillars combine to support a broad cyber risk framework, which was created working with industry-leading cyber security experts to analyze data and identify the core strategies that can help organizations mitigate future risk,” ACE said in the release.
Other features an enhanced underwriting process that incorporates the expertise of ACE’s vendors from the application process through the binding of each policy, a specialized policy form designed exclusively for global cyber facility insureds that incorporates the full breadth of ACE’s cyber security offering and experienced claims management by ACE’s expert claims staff, with the ability to access the insurer’s data breach team, if preferred.
The loss control services offering incorporates five core strategies, with one or more services provided by BitSight, FireEye, Navigant, NetDiligence, Promontory Financial Group, and/or Verizon Enterprise Solutions. All products and services may not be available in all instances and product offerings may vary by ACE location, ACE said in the release.
“Boards recognize that cyber insurance is a priority, but they also know that risk transfer isn’t enough,” said Toby Merrill, division senior vice president, Global Cyber Risk Practice, ACE Group. “Risk managers are asking for a comprehensive strategy that helps them assess their cyber and data privacy risk, incorporates appropriate loss control services to mitigate losses before they happen, provides access to post breach services to assist them in the event of a breach, and offers higher limits to meet their coverage needs.”