Cyber insurance is quickly becoming a must-have amid cybercrime, ransomware, and daily threats. But wading through insurers can be a bit daunting.
For large enterprises, cyber policies are increasing the cost of doing business. Large firms such as Equifax, Marriott, and SolarWinds all had coverage to cushion their hits from high-profile data breaches. Smaller enterprises may not have the coverage.
With that in mind, I went shopping.
Also: What is cyber insurance? Everything you need to know | Cyber insurance roundtable: Why cyber insurance has a supply issue
According to NAIC, AXA is the cyber insurance market share leader based on standalone policies. AXA's cyber insurance covers North America and writes policies for data breach response and crisis management, privacy and security liability, business interruption, data recovery, cyber extortion and ransomware, and PCI among others.
AXA also provides risk mitigation resources via partners, as well as an online service called CyberRiskConnect. Here's a sample policy.
AIG's cyber insurance can be used standalone, or added to an existing policy as an endorsement. AIG also offers three cyber insurance products:
- CyberEdge, which covers the financial costs due to a breach, as well as first-party costs.
- CyberEdge Plus, which covers physical world losses caused by a cyber event, including business interruption and property damages.
- CyberEdge PC, which can be added to traditional property and casualty policies.
AIG also offers threat scoring and analytics, as well as tools to prevent attacks. AIG has a network of vendors to restore and recover, too.
Cowbell Cyber aims to automate data collection with its cloud platform, provide observability and monitoring, and then combine it all with risk scoring, actuarial science, and underwriting. The company recently raised $20 million in venture funding.
The company's portfolio includes cybersecurity awareness training, continuous risk assessment, and pre- and post-breach risk improvement services. Cowbell Cyber also has a free risk assessment service called Cowbell Factors, which adds a freemium element to selling cyber policies.
Corvus has a host of business insurance products, but also has a bevy of first-party cyber insurance offerings for business interruption, system failure, cyber extortion and ransomware, and breach response and remediation, just to name a few.
The company, which recently raised $100 million in venture funding, uses a broker-focused approach to use AI to analyze data to predict and prevent loss. The data Corvus brings together helps policyholders, underwriters, brokers, and reinsurers address market requirements. Phil Edmundson, CEO of Corvus, said that artificial intelligence and data science can simplify the cyber insurance workflow. "If you try to read a cyber policy, even knowledgeable people would find it challenging," he said.
Travelers takes a broader approach to cyber insurance, with plans designed to mitigate risks for companies of all sizes. The insurer has cyber insurance plans for technology companies, public entities, and SMBs.
The company bundles pre- and post-breach services provided by Symantec, as well as a hub to evaluate risks.
Travelers' policies fall into these categories:
Compared to the big insurers, Beazley isn't a household name, but NAIC rates the firm No. 4 with 11.2% market share just behind Travelers.
Beazley's headliner is Beazley Breach Response, which is a customized policy based on a company's situation. Beazley claims to be the "world's best designed cyber insurance solution." Beazley also covers breach response services for up to five million people.
For companies in specific industries, Beazley looks like an option. Beazley counts healthcare, higher education, hospitality, financial services, and retail as target industries.
Allianz provides cyber insurance on a standalone basis, but is now partnered with Google Cloud along with Munich Re under a program called Cloud Protection +. The pairing is likely to move Allianz, as well as partner Munich Re, up the cyber insurance rankings.
While the big-name insurers are going after the large enterprises, mid-market companies may gravitate toward a specialist. Mid-market companies often have their own tech providers, since they are often ignored by large enterprise vendors.
Cyber insurance companies may also shortchange the mid-market. Resilience offers cyber insurance with a few interesting perks. First, it combines insurance and expertise like the large players. And second, Resilience includes a program where customers can earn credit to put toward security services and products.
Hiscox specializes in cyber insurance for small businesses. The firm is spending heavily on marketing, but is worth a look. The company offers a training academy to shore up small business defenses, or what it calls the "human firewall."
According to Hiscox, its cyber insurance covers lost business revenue and data recovery costs, money lost to phishing, defense against fines and privacy lawsuits, and breach response. The Hiscox policies also include digital media upgrades. However, they do not cover criminal action, fund transfer, infrastructure interruption, or prior acts of knowledge.
The future of cyber insurance
I have a few working theories about the cyber insurance market:
- This year -- 2021 -- will be the year that cyber insurance evolves significantly. It's possible that cyber insurance will become a requirement for businesses, much like home and auto.
- The market is dominated by massive insurers targeting large enterprises, but there will be segments of the market targeting mid-sized and smaller businesses.
- Cyber insurance could be part of a cloud services stack. For instance, Google Cloud's partnership with Munich Re and Allianz is a start, but cyber insurance could be resold by cloud providers, web hosting, and other parts of the business technology stack.
- While cyber insurance may become part of a tech bundle, or at least easier to acquire, there will be multiple players gunning for policies in a fragmented market. Reportlinker projects that cyber insurance will be a $70.6 billion global market in 2030, up $5.6 billion in 2019.
In any case, cyber insurance scouting needs to commence for businesses. According to the National Association of Insurance Commissioners (NAIC), the top 20 cyber insurance providers accounted for 92% of the market in the US.
More notable providers
There is a bevy of other providers -- and many insurers offer cyber insurance as part of a broader package of business offerings. Among those that looked interesting: