Manny Carmona: RCLS
Commercial Insurance Advisor
mcarmona@w3ins.com 727-522-7777 ext 143
Sharp Pivots in Cyber Insurance Market Keep Brokers
Busy
A rapidly shifting cyber insurance market has brokers working harder to keep pace with coverage restrictions,
diminished capacity and some of the most significant underwriting and pricing moves to date—all amid heightened
client demand for a product now viewed as essential to any business.
Even as the broader property and casualty insurance market hardened, cyber insurance remained relatively stable,
with plentiful coverage at reasonable prices, according to brokers. That seems to be changing weekly, as cyber
insurers grapple with vast losses to an array of threats, chief among them being ransomware and systemic risk
aggregation. There are also isolated instances of quick underwriting reactions to the SolarWinds hack, which has
the industry nervous. However, these reactions are not yet widespread.
Nearly every carrier has implemented new application questions, usually with separate ransomware supplements.
Pricing and retention are on the rise, and available limits are lower. And when the market began to change, it
changed quickly and often.
“There were shifts in November, more shifts in December, more shifts in early January [and] more shifts in late
January,” Chris Reese, cyber and technology insurance practice leader at Lockton, said. “It’s the gift that keeps on
giving.”
“It’s a brave new world this week,” said Mike Robison, national practice leader for CRC Insurance Services, who
spoke during a recent webinar hosted by the Wholesale & Specialty Insurance Association (WSIA).
"We haven’t seen every market act the same, but there is a substantially heavier focus on risk management and
controls directly correlated to ransomware exposure,” Christiaan Durdaller, president and CEO of INSURETrust,
said. “So, it’s a sign of what’s coming.”
Underwriters are no longer shy about walking away from business that doesn’t whet their appetite, with
cybersecurity controls a primary focus at renewal or inception.


Manny Carmona: RCLS
Commercial Insurance Advisor
mcarmona@w3ins.com 727-522-7777 ext 143
“Underwriters have always looked at risks individually, [and] they are doing it even more so now,” Joe DePaul,
head of FINEX, cyber E&O, at Willis Towers Watson said. “There is a heightened sense of needing to get that
information in order to go through the process.”
It’s a bumpy road for brokers and buyers, according to CRC’s Robison. Much of the shifts center around coverage
restrictions, coinsurance and sublimits on any provision tied to ransomware, including extortion and business
interruption.
“This is what’s driving the losses, and it’s what is driving the carriers,” said Mickey Estey, SVP, E&O/cyber/media
at RT Specialty, who spoke on the WSIA panel. Insurers are regularly seeing seven-figure demands—and they’re
being paid, erasing policy limits in one day and triggering multiple provisions. Estey added, “If it’s so bad the
carriers are saying, ‘We don’t even want to play,’ that’s a big shift.”
For the risks insurers find appealing, the price needs to be right.
“Pricing’s definitely not going down,” said David Lewison, senior vice president at AmWINS, during the WSIA
event. Lewison cited 30% increases being at the lower end of overall increases.
The volatility in pricing prompted Marsh to, for the first time, offer a month-to-month look at pricing changes in its
quarterly market update, according to Meredith Schnur, U.S. cyber brokerage leader at Marsh. The soon-to-be-
released report for the fourth quarter of 2020 will show a jump from an 11% average increase on cyber insurance
in November to a 26% average increase in December, Schnur told Advisen.
All that said, coverage is available, client demand is rising and brokers are building towers. Most brokers don’t feel
it’s a true hard cyber market, at least not in the traditional sense as other P&C lines are currently experiencing.
“That’s when we can’t find capacity,” Schnur said, adding that—for the month of December—Marsh successfully
placed all its Dec. 31 to Jan. 1 renewals. The biggest challenge comes down to being able to plan ahead and set
client expectations in a fast-moving market.
“We could be planning to the best of our ability and we’re still going to have curveballs,” Schnur said. “It
absolutely varies by carrier. When a market comes out with sharp pivots—not a slow and steady introducing of
change—it really throws us for a loop.”
However, a key message is that scaling back on ransomware coverage doesn’t negate the value in a cyber policy
for data breaches, privacy, business email compromise or the many other digital threats organizations face.
“There’s so much coverage under a cyber policy,” added Schnur. Buyers with solid ransomware prevention and
business continuity plans may not even see coverage restrictions, Schnur explained.
Coverage changes place additional burdens on brokers, prompting them to quickly find new solutions and go to
market more frequently on business, particularly in the last year or so. Variation in cyber policies has long been a
sticking point for many buyers who want as close to an apples-to-apples comparison. In this market, though,
brokers focus more on the differences.
“You need a sophisticated team of individuals to take a very deep look, and you have to understand how these
policies will respond and communicate that back to clients,” WTW's DePaul said.


Manny Carmona: RCLS
Commercial Insurance Advisor
mcarmona@w3ins.com 727-522-7777 ext 143
“In terms of what we’re dealing with, standardization of coverage is not the top-of-mind problem,” Lockton’s
Reese said. A more prominent focus is helping clients with their cybersecurity posture, and, while there are some
common themes, it’s “… not cookie cutter, [and] there’s a divergence of underwriting philosophy,” Reese said.
As insurers analyze the many claims they’ve received over the life of the line, most—but not all—have begun to
require certain cyber basics of clients. Brokers say carriers look for multifactor authentication at a minimum, along
with controls around privileged access and remote desk protocol. They also want to see organizations
implementing rigorous patch management programs, backup segmentation and endpoint security. But, brokers
say there’s no broad generalizations possible to answer the questions.
For their part, underwriters have expanded their teams, with most embracing third-party, cyber risk assessment
firms to provide external scanning capabilities and a technological view of an insured’s cyber posture.
“We’re seeing a couple of larger players introducing some scanning component as part of their underwriting
process,” Lewison said. “The better informed you are, the better you can underwrite.”
It’s a move that makes sense in the view of most brokers, as long as it doesn’t become the de facto decision-
maker.
“We still need to have underwriters who have authority to understand the risks and make decisions on the risk,
because they’re the ones who know the client,” Schnur said.
According to Durdaller, a greater underwriting focus on risk management gives brokers and their clients an
opportunity to boost the take-up rate of risk mitigation services.
“For us, there’s been a heavy focus on the risk management side for several years,” Durdaller said. While many
organizations are quick to make the easy security fixes, like turning on MFA, putting RDP behind a VPN or closing
up open ports, the more complex and pricier implementations are a tougher sell.
"The businesses that successfully marry risk management and insurance in cyber will find more interest in their
risk among insurers,” Durdaller said. “The direct tie between risk management implementation and a reduction or
increase in premium is something we are seeing across a good portion market for the first time in nearly a
decade.”
Some areas of the market are tougher than others, but brokers remain upbeat on their ability to meet client
needs. They also see the changes as a natural shift as the market evolves.
“We don’t know what tomorrow will bring, and it might bring an event that none of us in the industry thought of,”
WTW's DePaul said. “We all see the potential for a far larger, broad pervasive systemic loss. We want the market
to be around for the next 20 years. We want a sustainable market."
“This will be a more challenging year than the recent past when it comes to renewals if brokers haven’t focused
their clients' eyes on a cyber risk management strategy up until this point,” Durdaller said. “The last few years in
some ways have felt like a race to the bottom from a premium standpoint, as the focus was heavy on capturing
market share. Those with market share now have a better opportunity to redefine the risks they want. In 2021,
we expect there to be a healthy correction from cyber insurance companies on a more aggressive scale than we
saw in 2019 or in 2020.”