Insurance Against Cyber Attacks Gains Steam Alongside Rising Risk

Cybersecurity persistent threats

a large insurance carrier like AIG typically offers the first layer of insurance coverage, and a firm like Argo offers additional coverage that goes beyond the limit of the primary insurance. “By playing in the excess layer, you get to observe what’s going on while collecting the premium,” Kelly says.

Currently, Argo has more than 300 cyber policies with a limit of between $5 million and $10 million. About 20 percent of those provide primary insurance, a portion of business that Kelly says he expects to grow as the insurer gains more knowledge on the market through its underwriting activities. Companies seeking this kind of coverage are predominantly in the healthcare, financial services, and education sectors, he says.

(Argo, like many insurance companies, is based in Bermuda. About 20 percent of the insurer’s employees are in San Antonio.)

But even as attacks like WannaCry illustrate the havoc ransomware can wreak on business operations, half of U.S. companies don’t have cybersecurity insurance policies, according to a recent survey. (This, even though 61 percent of those companies expect cyber breaches to increase in the next year.) The survey, which was conducted by consultancy Ovum for FICO, a Silicon Valley analytics firm, found that only 16 percent of U.S. executives said their companies had cybersecurity insurance that covers all risks.

So why the disconnect? “Similar cyber insurance products offered by different providers often include alternative features, which makes it difficult for buyers to compare policies by value and price,” according to a report from Deloitte. “It’s often not clear to the buyer exactly what such coverages entail, and whether they are comprehensive in terms of the exposures they address,” the report states.

Kelly agreed that coverage is still evolving. He adds that he remembers when employment practices and liability insurance—covering sexual harassment, wrongful termination, and discrimination—was new in the early 1990s. That market developed, and this one will, too, he says.

“Insured [companies] have a tough time putting a value on a cyber policy,” Kelly says. “But cyber incidents are real risks and real losses have been incurred for data breaches and ransomware events.”

Pages: Page 1, Page 2

Author: Angela Shah

Angela Shah was formerly the editor of Xconomy Texas. She has written about startups along a wide entrepreneurial spectrum, from Silicon Valley transplants to Austin transforming a once-sleepy university town in the '90s tech boom to 20-something women defying cultural norms as they seek to build vital IT infrastructure in a war-torn Afghanistan. As a foreign correspondent based in Dubai, her work appeared in The New York Times, TIME, Newsweek/Daily Beast and Forbes Asia. Before moving overseas, Shah was a staff writer and columnist with The Dallas Morning News and the Austin American-Statesman. She has a Bachelor's of Journalism from the University of Texas at Austin, and she is a 2007 Knight-Wallace Fellow at the University of Michigan. With the launch of Xconomy Texas, she's returned to her hometown of Houston.