“I’m a Little Short – Gladly Pay You Tuesday?”

Solvency.  It means you can pay your tab.  Cyber attacks are occurring with greater frequency and effectiveness, resulting in an ever-increasing bill.  The cyberinsurance market is booming, but will policy premiums and carrier reserves keep pace with the cost of claims?

It’s a fair question.

Consider the magnitude of loss problem first.  Once upon a time, to steal from a bank, you had to ride a horse, drive a car, take an Uber – whatever – and enter the bank.  Now, automated cyber attacks can launch innumerable attempts per hour, with likely anonymity and without the constraints of physical travel or the risks that follow telling everyone to get on the ground.  I suppose you could still create a hostage scenario to shut down a casino for a while, but a distributed denial of service attack targeting an online gaming platform is easier, less risky and potentially far more damaging.  In the Dyn, WannaCry and the recent Petya (or not Petya) attacks, we saw how far-reaching a ‘single’ attack can be.  Fact: It’s easier and less risky to do more damage now than ever before.  Insureds are more vulnerable as a result.

Property and Casualty Insurers (property, liability, auto, homeowners etc.) take in over $500 billion in annual premiums.  I’ve read that they generally pay out an estimated $400 billion annually in claims.  Add to that reserves and investment income, and it would seem that P/C carriers can safely say, ‘we’re good for it.’

What about cyberinsurers?

I’ve seen estimates that cybercrime costs businesses over $400 billion annually.  The annual premiums in this market – under $4 billion.  The cybercrime tab will likely never be composed of entirely insured losses, but that tab will inarguably and exponentially grow, as will the percentage of insured losses comprising it.  Will premiums keep pace?

Ask your broker about the financial strength of the carrier quoting your cyberinsurance.  There are a number of agencies that rate carriers (like report cards, except that an A+ is not always the highest rating available).  In this relatively new market, where risks change every day and where there isn’t 50 years of claims data to ensure effective underwriting, you need to consider carrier solvency when placing coverage.  While there aren’t any guarantees in this brave new cyber risk world, it’s logical to assume that the financially stronger carriers will both be around when, not if, Tuesday comes and will be less likely to make questionable coverage determinations simply to protect a vulnerable bottom line.