Embedded Cyber

Embedded Cyber

Everyone is a target. Who's watching over you?

Cyber protection has become a staple coverage extension within the Medical Professional Liability (MPL) industry. Generally, MPL insurers offer this product through partnerships with market leaders, like Tokio Marine HCC and Beazley, and embed a relatively low cyber sub-limit as a ‘bolt-on’ to their professional liability policy form. The product affords the policyholder with not only expense reimbursement and liability coverage but also access to specialized breach response solutions through third party vendors.

The embedded cyber offering was born during soft conditions in the MPL market and allowed carriers to differentiate their product by providing a value-added solution to an emerging exposure. The coverage extension was generally granted with no explicit charge to the insured. There are now factors challenging this model.

The frequency and severity of cyber claims has risen dramatically. Ransomware attacks in the U.S. were up over 98% in Q4 2020; meanwhile average claim payments in the cyber industry have spiked to over $230K per claim, up from an average of $10K just two years ago. The impact of this surge in claim trends is further compounded by a sub-limit that has grown from as low as $25K to many carriers now affording up to $100K in coverage.

As loss ratios have risen within the broader class, rates have begun to adjust. Primary rates have been on the rise since early 2019, and reinsurance pricing is starting to follow. Embedded programs with little year-over-year loss impact experienced low double-digit rate increases for January 2021 renewals while rates on portfolios with deteriorating loss trends adjusted upwards to nearly 100%. Industry signs continue to suggest looming concerns over this exposure with the expectation that rate increases will likely continue into the foreseeable future.

The evolving nature of cyber claims is a complicating factor. Open market product offerings are commonly offered on an E&S basis allowing the flexibility to nimbly expand coverage and secure rate for broadened terms. The embedded product is generally on an admitted basis which creates additional challenges to file for changes, meanwhile additional pricing for coverage enhancements exacerbates the concern as reinsurance rates rise.

There are options to help mitigate and manage rate increases

The increased cyber reinsurance costs are in sync with a hardening MPL market, making it hard to pass on the additional costs to insureds and difficult for the MPL insurer to absorb. However, there are options to help mitigate and manage rate increases.

In addition to the embedded coverage, ‘buy-up’ coverage can be offered to complement the underlying product with a higher limit being afforded for additional premium. The premium for a ‘buy up’ is borne directly by the insured, is priced at appropriate market rates and adds premium volume to help mitigate volatility. The loss ratio in the buy up book generally outperforms the embedded portfolio and can help mitigate reinsurance rate increases for the embedded product. While the take up rate on the higher limit offering has been slowly increasing, it currently remains an overall small percentage (less than 10%) of the overall insured base. The lack of purchasers is most likely attributable to:

  • the perception that cyber exposure is minimal
  • an ineffective marketing / education
  • additional cost
  • the insured potentially purchasing a standalone product elsewhere

Despite these hurdles, MPL carriers possess the enviable position of distribution. Generally, MPL insurers are viewed as trusted service providers and the fact that they have provided a level of cyber coverage for over a decade, uniquely positions them to expand and grow the distribution of this product line.
Risk management will play an increasingly important role. The recent spike in claim frequency and severity has largely been driven by a growing universe of cyber criminals who extort businesses with ransomware technology. While the complexity of these malware attacks varies widely, reinsurers have identified strategic partnerships that provide carriers and their insureds with effective ways to mitigate the exposure to cyber events. These risk management strategies include network vulnerability scanning technologies and the implementation of advanced security protocols.
Increasing the percent of buy up coverage and the use of risk management strategies can help mitigate reinsurance rate increases, but other options exist including: broadly marketing the reinsurance cover, evaluating sub-limits and the extent of coverage provided, as well as considering deductibles and co-participations.
The intersection of cyber and MPL will continue to generate challenges for insurers. For creative and experienced expertise in providing solutions TigerRisk is uniquely positioned to assist you, please contact a Tiger today to discuss further.