With primary rate changes approaching 50% and underwriting questions about network controls becoming more and more detailed, cyber insurers and reinsurers are reacting to an onslaught of ransomware attacks against policyholders and prospects.
But are the actions enough to keep ahead of the bad guys? Did they react too slowly?
Questions about the adequacy of underwriting actions came up more than once at industry conferences this year. At the Casualty Actuarial Society Seminar on Reinsurance, Brad Gow, global cyber product leader for Sompo International, revealed just how far ahead threat attackers have moved.
“During their reconnaissance phase, they began to rift through the financial files looking for cyber insurance information [to] identify how much in limits was potentially available,” he reported as he described an escalation in the frequency and severity of ransomware attacks that once focused on target companies with roughly $200 million and are now zeroing in on businesses with $1 billion or more in revenue. “We saw this happening. That changed the game. That sudden increase in severity along with the unchecked frequencies of these attacks really forced underwriting teams and carriers to respond,” he said.
Gow spoke after Alexander Podmore, assistant vice president and cyber underwriter for Swiss Re, serving as moderator of the CAS conference session, reviewed the history of cyber coverage from its beginnings in the late 1990s — when the coverage took the form of extensions on professional lines policies covering Internet security liability, online media liability and errors in data processing — to the standalone policies available today. He reviewed product developments in the 2000 and 2010 decades that saw third-pa ..
Support the originator by clicking the read the rest link below.
