iStock.com/sankai

Cyber insurance in Canada remains in a “very soft” market, with carriers offering more capacity, limits and coverages for less premium, a senior underwriter says.

“I’ve been underwriting cyber for about seven years now, and it’s probably the softest I’ve seen it,” Lynda David, senior underwriter, technology & cyber with Sovereign Insurance, tells Canadian Underwriter.

For example, David’s seen renewals either as is or flat. “But a lot of brokers are requesting that if [clients] have better controls in place, that we actually decrease [prices] even if exposures have increased or revenues have increased,” she says. “So, a lot of pricing and rates are actually decreasing on accounts.”

Carriers are also offering higher limits. In the past five years, carriers decreased capacity; instead of offering $10 million, they’ve dropped it down to $5 million or $2 million. “But now I’ve seen that creeping up.”

Another example is cybercrime coverage, which used to be maxed at lower limits, such as $100,000. But it has increased to $250,000, and now some carriers are offering $500,000 in coverage up to $1 million.

How long softer D&O and cyber markets will last Image
Claims

How long softer D&O and cyber markets will last

3 min read

The excess cyber market is even softer, David says, noting that cyber excess rate factors have dropped by as much as 40% in the last couple years, especially on higher attachment points. These rate factors refer to the percentage or multiplier applied to the primary premium to calculate the premium for the excess layer. For example, if the primary premium is $100,000 for $5 million in limits, and a 0.5 factor is used for the $5 million excess of $5 million layer, then the excess premium would be $50,000.

While cyber loss ratios may still be in the unprofitable zone, they have become more profitable because insurers are mandating controls such as multi-factor authentication to obtain cyber insurance, David says. “We just need to maintain our underwriting discipline and guidelines, and insurers need to require that insureds put in the cybersecurity controls…to continue to be profitable.”

Standalone vs. endorsement

When it comes to coverage, some clients may opt for a cyber endorsement rather than a standalone cyber policy. Add-on coverages tend to be more prevalent in a “program-type of world,” such as a program of more homogenous types of risks, David adds.

Generally speaking, though, she recommends a full cyber policy rather than endorsements. “Add-on cyber coverages onto your P&C policy generally are stripped-down versions, lower limits, less coverages [and] less broad.”

As well, a lot of companies are getting contractual requests for cyber insurance.

“So, if your client has a contract with someone, they may require you to have cyber coverage,” David explains. “And those endorsements would probably not be sufficient, so you’d have to get a full cyber policy.

“Standalone policies have broader coverages and most likely, your loss will be covered within that full policy, rather than the endorsement,” she says. “It’s usually in your best interest to choose standalone coverage for added peace of mind.”

Subscribe to our newsletters

Subscribe Subscribe

Jason Contant

Jason has been an award-winning journalist with Canadian Underwriter for more than a decade, including the past three years as associate editor and, before that, as digital editor for seven years.