Cyber insurance is something that all companies are considering now that cyber crime and IT incidents have become an existential threat. Every year the number and variety of threats grows along with the expense and consequence of each attack. Companies who want to be prepared and protected for the losses that are likely to occur sign up for cyber liability coverage (also known as data breach insurance).
Choosing to add cyber insurance coverage is important, but just as important is choosing the right kind of coverage. As the cyber insurance market has steadily grown over the years the number of insurers and the variety of available policies has expanded significantly.
Having more options to choose from ensures that policies are competitively priced and customized for a variety of needs. But it also means that finding exactly the right policy takes more time and research. This site is intended to help decision makers find quality information in less time. In order to help you kickstart your research, explore an overview of the major cyber insurance companies in the industry.
Allied World Insurance
Over the course of 2016 this company wrote $32,533,000 in premiums, which represents 2.4 percent of the industry total. The company promises to provide end-to-end solutions to clients as part of its Specified Response Vendor Solution (SRVS) cyber products.
Uniquely, Allied World Insurance offers products tailored to both large and small companies based on need and budget. Most of the traditional coverage options are available, along with value-added services designed to help policyholders improve security and readiness. The company also allows policyholders to access approved vendors for faster disaster response, and to tailor their coverage for notification and monitoring.
The company partnered with Blackberry in 2017 in order to improve the quality and variety of cybersecurity resources available to policyholders. A variety of tools help users to assess their threat level, evaluate their present security measures, and prepare/practice for a variety of different attacks. Allied World Insurance sets itself apart by assisting policyholders to take a proactive approach to cyber security.
Liberty Mutual Insurance
Throughout 2016 this company wrote $34,343,000 in premiums and occupied 2.6 percent of the market. Liberty Mutual offers policies that are designed for the needs of small and midsized businesses. Policies are broken down into four distinct categories, allowing policyholders to tailor their coverage areas and limits based on their unique needs.
The four categories are as follows - Data Compromise Response Expense, Data Compromise Defense and Liability, Attack and Extortion, Network Security Liability. In total, these policies offer aggregate limits of $1 million.
Liberty Mutual is one of the largest insurers in the country, which is an important consideration when evaluating who to work with. The time following a cyber attack can be extremely stressful and confusing, and cyber insurance is intended to provide confidence and direction. Working with a company that has the reputation and resources of Liberty Mutual eliminates a lot of uncertainty.
AXIS Capital Holdings Ltd.
This company wrote $50,273,000 in premiums over 2016 and has a 3.7 percent share of the market. The company serves a wide variety of policyholders but largely specializes in tech companies. These include software and hardware manufacturers, cloud providers, database managers, application service providers and many more. Though cyber insurance is important for all companies, it is especially important for companies with a large tech footprint.
AXIS Capital Holdings LTD offers a single policy that is designed to cover the major expenses and incidents that arise from a cyber incident. Liability is covered for things like unintentional breach of contract, defamation, intellectual property infringement, denial of access and more. These policies are backed by the insurer's experienced underwriters and dedicated legal teams.
Policyholders have the option to add endorsements for things like data breach notification, business interruption losses, data recovery expenses, and cyber extortion costs. Coverage is available to businesses worldwide and offers more customization options than some other policies. The company also offers cybersecurity auditing to customers at no charge.
BCS Insurance Co.
This company wrote 4.1 percent of the premiums in 2016, totaling $55,411,000. More commonly known and Blue Cross Blue Shield, the company offers protection against risks ranging from lost devices to malicious attacks to accidental breaches, along with coverage for both first-party and third-party losses.
There are a few highlights that set the BCS Insurance Co apart from others. Up to $30 million in coverage is available, which is suitable for even some of the largest enterprises. Coverage applies to a variety of regulatory penalties, lawsuits, and incidents that expose employee data. The company has also taken steps to expedite access to resources for policyholders contending with the immediate aftermath of a cyber incident.
CNA Financial Corp
In 2016 the CNA Financial Corp wrote $68,476,000 in premiums and had a 5.1 percent share of the cyber insurance market. There are a number of different coverage options available, each tailored to specific threats and vulnerabilities.
First-party coverage is available in response to loss or damage to a network, e-theft, business interruptions, and network extortion. Third-party coverage is available in response to network security liability, media liability, privacy beach notification, and regulatory liability. CNA has an experienced team of underwriters available to help policyholders evaluate their level of risk and calibrate the appropriate level of coverage.
One concern when picking cyber insurance policies is that gaps in coverage leave companies exposed to significant liabilities. CNA Financial Corp does more than many insurers to relieve this risk by offering a wide range of additions and extensions to basic coverage options. For companies that face large or unusual exposure to cyber threats, the flexibility of the available coverage proves to be a real asset.
Beazley Insurance Co
During 2016 this major provider of cyber liability insurance wrote $83,908,000 in premiums and held on to 6.3 percent of the industry total. The Beazley Insurance Co. claims to provide a 360-degree approach by addressing the most common types of risk and the most consequential forms of losses. Beazley also provides resources before, during, and after an attack occurs.
The company provides first-party coverage in the following categories – cyber extortion, data recovery costs, business interruptions, business interruptions caused by third parties, and e-crime coverage. Coverage options are broken down into three distinct towers, each designed to tailor the depth of coverage to the policyholder's ongoing budget.
Beazley also offers several innovative services, including an in-house team dedicated to helping policyholders manage the aftermath of a breach. The company also manages a proprietary risk management portal that trains users about various cyber threats/risks and helps companies evaluate and upgrade their present level of cybersecurity. Beazley excels at providing policyholders a comprehensive approach that extends beyond just coverage options.
Travelers Companies Inc.
This company is in the top five in terms of cyber insurance with $92,198,000 in premiums and a 6.9 percent share of the market. The company has one of the largest and most diverse ranges of coverage options available, including policies designed for the smallest and largest businesses. There are even options tailored specifically for tech companies, public companies, and the smallest companies – all entities with unique needs in terms of vulnerability.
In addition to coverage for a wide range incidents and related expenses, Travelers offers resources to policyholders both before and after an issue arises. Dedicated cyber coaches are available to help assess risk and answer tricky questions related to cybersecurity. There are also pre-breach resources created by Symantec, one of the leaders in the cybersecurity industry. Accessing post-breach services has been streamlined in order to expedite the recovery effort.
Chubb wrote 10 percent of cyber insurance premiums in 2016, totaling $133,599,000. Coverage options address every major area of concern, and Chubb Ltd. has become a top-three insurer by offering a number of unique value propositions to companies of all sizes.
A few of the things that set the company apart include its experience in the cyber insurance market. This was one of the first companies to enter the industry when it began offering policies in 1998. Coverage is intentionally designed to stay ahead of regulatory requirements, and it includes services to help deflect threats and mitigate losses.
Most policies offer coverage for up to $10 million, but losses of up to $100 million are covered by select policies. Chubb is also one of the few insurers to handle a large-scale privacy breach notification with over 300 million people involved. Considering that there are no minimum premiums, the experience and expertise of Chubb deserve serious consideration.
XL Group Ltd.
After writing $160,809,000 in premiums in 2016 and laying claim to 12 percent of the cyber insurance market, this company becomes one of the leading insurers in the industry. Policyholders are empowered to tailor their coverage to address major categories of risk – privacy and security liability, data recovery, cyber extortion, fines and penalties, regulatory defense and more.
One way XL Group Ltd distinguishes itself is by simplifying the language of policies and providing policy holders with resources that help determine what types and levels of coverage businesses require. Most policies also include access to best-in-class vendors involved with forensics, public relations, credit and ID monitoring, and legal counsel.
The company has also distinguished itself by committing to growing and evolving its coverage options to keep pace with new and emerging threats. The one constant in cybersecurity is change, and growing out of a policy is a major concern for any business that relies on cyber insurance. This particular insurer has carved out significant market share by offering cyber insurance that is suitable for the cutting edge.
American International Group (AIG)
By far the largest provider of cyber insurance is AIG with $228,325,000 in premiums written over 2016 and a 17 percent share of the market. The company offers a product called CyberEdge that promises to provide end-to-end risk management solutions. Assistance starts by offering policyholders access to training materials, threat assessment tools, IP blocking, vulnerability scanning and more. Each of these resources is intended to help policy holders avoid rather than simply recover from an attack.
If an issue does arise, the most common causes and consequences are covered. This includes restoration costs, business interruption losses, third-party losses, regulatory consequences, cyber extortion and more. Includes with coverage is access to a 24/7 response team that provides guidance and support in the immediate wake of an incident.
AIG is a leader in the industry thanks to its two decades of experience offering cyber insurance and the 22,000 companies it has served. Companies choose to rely on AIG because a policy offers more than financial protection, it actually upgrades cybersecurity overall.
How to Choose a Cyber Insurance Company
You may have noticed that even though some cyber insurance companies are larger than others, no single company dominates the industry. The reason is because no single policy is right for the needs of all business all of the time. It's up to each business to look past flashy promises and sales gimmicks and carefully evaluate which cyber insurance company actually provides the right protection for the right price. Follow these steps to begin narrowing down your options and focusing in on the ideal choice:
1. Assess your business needs
How likely are you to face an attack, and how strong are your existing security measures? Understanding how vulnerable your company is and what kinds of consequences would follow from an attack reveals what types of coverage and limits are appropriate.
2. Evaluate your existing coverage
General business liability coverage typically does not cover losses related to cyber incidents, and when coverage does exist it is minimal. Understanding what kind of coverage is currently present or missing is important for developing comprehensive coverage.
3. Compare options and terms
Get quotes from multiple cyber insurance companies and compare the kinds of coverage they offer against the terms, limits, premiums, and deductibles. The right choice is very rarely the first choice. Evaluating multiple quotes helps differentiate between the good options and the ideal options.
4. Understand risk broadly
Focusing on cyber liability is important, but it's not the only kind of risk that companies face. It's also possible for data to be stolen off of printouts, whiteboards, or even through second-hand conversations. Cyber is a dangerous landscape, but it's not the only one where data is threatened.
5. Be conscious of the cloud
Some policies differentiate between data that is stored in-house vs. data that is stored in the cloud. Companies that rely extensively on cloud storage or SaaS applications must evaluate if and when they are excluded from coverage.