Why you shouldn’t treat cyber policies like auto or property policies

Many brokers and insurers are treating cyber coverage the same way they would a generic home, auto or CGL cover, a cyber expert warns, and this is not only eroding the trust of clients, but also putting them at risk.

Matt Cullina, managing director of global markets at CyberScout, says he’s seeing many antiquated cyber coverages contained in commercial policies because the coverage is not being kept up to date as technology and threats evolve.

In some situations, cyber coverages may have been bought a few years ago and renewed without a second thought, he observed. But the old coverage of two years ago won’t likely meet the coverage requirements of today, since ransomware demands are escalating, as are the costs associated with a cyber breach.

“When we do the claims adjusting for our insurance partners, we’re getting a lot of frustrated policyholders because they expected certain things to be covered or certain things to be covered up to a limit,” Cullina told Canadian Underwriter.

Absent adequate coverage limits or sublimits, cyber clients are thus forced to pay out of their own pocket for expenses for which they expected coverage. “So it’s causing annoyances, let alone that grievance, at the policyholder level,” Cullina explained.

iStock.com/MangoStar_Studio

He stressed that cyber products become stale after three or four years. Insurers should regularly be updating the coverage, and brokers should be asking the right questions to keep pace with their clients’ cyber needs.

“This isn’t a traditional insurance product that you can just have out there for 10 years and it’s going to be fine,” Cullina said. “With the risk changing, and with the complexities of the claims changing, products need to evolve every three to four to five years. And if insurers aren’t keeping up with that, things like severity going up are going to happen; and things like customers being less satisfied with the product are going to happen.”

The landscape is dynamic, with more hackers and fraudsters joining the scene and finding new, clever ways to dupe people, as Cullina observed. “For [fraudsters], it’s like a mega-black market business. They’re going to keep pivoting what they’re doing to continue to monetize, at an increasing level, all the crimes they’re committing. I think insurers who actively want to play in the market need to be as sophisticated [as the fraudsters] and keep up with that.”

The inability to keep cyber coverage current is exposing the need for the insurance industry to have “smart solutions” available for clients and professionals. There must be strong expertise around the cyber product, whether it’s on the pre-loss or the post-loss side of the equation, Cullina said. “It’s not just an insurance product. It has to be a serviceable solution being managed by knowledgeable claims people.

Feature image by iStock.com/thomas-bethge