Cyberinsurance a rare growth market By Noah Buhayar, Sarah Jones and Zachary Tracer
Insurers flush with capital are rushing to grab part of an expanding cybercoverage market that’s been spurred on by high-profile hackings at JPMorgan Chase & Co. andHome Depot Inc.
Sales are set to double this year from about $1 billion in 2013, according to Bob Parisi, head of the network security and privacy practice at Marsh, the insurance brokerage arm of Marsh & McLennan Cos. The policies can protect companies against lost revenue, lawsuits or even damage to their reputation or brand.
“There is a lot of capital looking to find a home,” said Rick Welsh, head of cybercoverage at Aegis London, which sells policies through Lloyd’s of London, the world’s oldest insurance market. “They now see cyberinsurance as a once-in-a-generation opportunity that is set for growth.”
Demand for coverage has accelerated after some of the largest companies in the U.S. revealed that they’d fallen victim to cyberhackers. JPMorgan last week outlined the scope of a previously disclosed data breach, revealing that 76 million households and 7 million small businesses had been affected. Home Depot said in September that a breach put about 56 million payment cards at risk.
The number of cybersecurity incidents globally has soared 48 percent to 42.8 million this year, according to PricewaterhouseCoopers.
The prevalence of attacks, even at banks with some of the most sophisticated network security, means more work needs to be done to mitigate the risk, said Paul Tiao, a partner at Hunton & Williams LLP and former adviser to the director of the FBI.
“This is one of the biggest national-security challenges that we have,” Tiao said Thursday during a panel discussion sponsored by the Financial Services Roundtable in Washington.
Carriers including American International Group, Travelers, XL Group and Lloyd’s insurers like Aegis and Brit are underwriting policies. Competition keeps prices flat, even as some claims are for tens of millions of dollars, said Parisi.
Insurers “wouldn’t be chasing after this risk if they didn’t think they could write it profitably,” he said.
U.S. property-casualty insurers accumulated a record surplus after gains on investment portfolios and two years of calm hurricane seasons. That’s heightened their appetite to add cyberinsurance customers, especially among the small and medium-size businesses that hadn’t previously purchased the coverage.
AIG has been offering the coverage since 1999, said Tracie Grella, the New York insurer’s global head of professional liability. Sales have increased about 30 percent annually for the past couple of years, and are on track to jump about that much in 2014, she said.
She said many of the claims that AIG receives are tied to human error, such as lost laptop computers, rather than organized attacks.