July 1, 2022
Steps to Improve Your Cyber Liability Coverage at Competitive Rates
If your business has cyber liability insurance that has renewed in the last nine months or if your business has investigated purchasing cyber liability, you likely were shocked at the pricing and restrictive terms as compared to the past. Due to an unfathomable number of ransomware claims in the last two years (the average claim rising to $812k in 2021 as compared to $170k in 2020)[i], carriers have been forced to exit the market, reduce the limits available or instill highly restrictive underwriting requirements — especially compared to three to five years ago when insurance carriers were almost giving it away with little underwriting information.
Cyber liability has become as necessary as general liability to protect insureds. NSSF, The Firearm Industry Trade Association, recently offered a webinar for its members to inform gun shop owners and other firearm industry members of the unique cyber threats they face.[ii] In addition, Forbes Magazine stated that “Small businesses are more frequent targets of cyberattacks than larger companies.”[iii] Industry organizations have suffered a cyberattack in 2021, resulting in additional expenditures in cyber security measures.[iv] Cyber risk management, including the proper insurance policy that may include some additional risk management tools, is a necessity for the survival of businesses.
With this added necessary business expense, what can you do to make your business a “preferred insured” and decrease your exposure and your cost of coverage?
Review your security controls in advance of your cyber renewal/applying for coverage
Many carriers are reassessing their entire books of cyber, changing terms, decreasing coverage and increasing rates. For business owners, this means it is getting increasingly difficult and time-consuming for your agents to shop for your coverage.
Some carriers have sent conditional renewal or non-renewal notices on their entire cyber book to allow them the ability to re-underwrite each risk. Keep in mind, this is a courtesy in the case of excess and surplus (E&S) carriers who, in most states, do not need to give any notification to non-renew an account. Capacity (limits available) is shrinking, underwriting guidelines are severely tightening and rates are increasing. To avoid any problems, we also recommend that renewals are submitted to your insurance agent/broker at least 30 days prior to renewal, and, if possible, 60 days prior. This will allow time to have an insurance professional review your security controls with you and, if necessary, remarket your coverage with multiple carriers and obtain excess limits, should this be needed.
This risk management checklist for cyber coverage is a great reference for agents and their insureds to review well in advance of renewal to have a good sense of what will be needed, at a minimum, to obtain coverage.
Anticipate the possibility of having to get excess coverage
What does this mean? Well, your exposure might have increased as the claims in cyber have increased. You may be looking at a piecemeal approach to get properly protected. This is a more volatile phenomenon in cyber but nothing new to insurance. For example, even with limits as low as $5MM, it is often necessary to go to multiple markets to obtain these limits. If you have a contract requiring higher limits, it takes time to coordinate these limits. Many carriers are cutting back to a max of $2MM-$3MM per insured in the first $10MM — which carriers still consider the “burn layers” given recent claims activities. (Burn layers = limits that are more highly exposed for a claim.)
Work with an agent/broker team that knows the gun industry and is an expert in cyber
The cyber insurance markets change faster than gas prices some weeks. It is important to work with an agent/broker who understands and stays extremely informed in the cyber liability insurance market. Coverages are not standardized across any carrier. Each carrier has its own specialized form, and they can vary greatly in what is covered and excluded and how claims are handled. Having a broker/agent that understands the lingo and can explain differences in coverage to you is vital to obtaining the best program for your business — which may be different than your competitors due to each business’s individual risk tolerance.
A cyber specialist will also have access to a multitude of cyber carriers and will thoroughly shop your coverage as warranted to get the best possible terms for you. One who works closely with the gun industry as part of a team that specializes in this space gives you the best of both worlds. The carriers know and appreciate an approach that considers unique and constantly evolving industry exposures and specific cyber risks that these insureds face.
Preparing to be a ‘best-in-class’ cyber insured
If you can present your business to be a best-in-class risk, the renewal (or new business marketing) for your cyber coverage will go much smoother, and your agent will be able to offer better options. Work with an agent who is versed not only in risk management, but cyber risk management too.
Some of the security controls and cyber risk management that most (if not all) carriers are requiring to renew or write coverage are on the checklist available for download. The larger your business or the higher exposure your business is (the gun industry is a higher exposure by its nature), the stricter the carriers will be about these controls. Keep in mind, as hackers evolve and newer cyber security technology becomes available, the required controls and underwriting criteria will evolve. You should check in periodically with your insurance team and take advantage of the numerous resources they offer to keep up with this ahead of the next renewal. Your insurance team shares your interest in avoiding claims, so be sure to ask about these added benefits with any policy as they may be of significant value.
When should I have these conversations with my risk manager/agent?
As you can see, this is quite extensive and overwhelming — it will be nearly impossible to implement in less than 30 days. Starting the risk management conversation early with your risk manager or agent allows you to be prepared for the process of renewing or obtaining cyber liability. In most cases, carriers are not willing to extend or bind “subject to” these items being done. Our recommendation is that these conversations be started at a minimum 90 days prior to renewal or new coverage being desired and as soon as 180 days prior to desired coverage date. This allows time to implement any security controls not in place. If your business already has most or all these things implemented, coverage can certainly be obtained much faster (in as little as a few days in some cases); however, if any controls are missing, it will be necessary to implement them prior to obtaining coverage.
About the Authors
469.320.4033 / [email protected]
Vicky has vast insurance knowledge having authored several textbook chapters and taught continuing education on the business and E&O risks. With nearly 40 years of industry experience, she truly enjoys collaborating with others to solve their professional liability, cyber, and other commercial insurance needs. Vicky was honored to be recognized as a 2018 Insurance Business America Elite Women, has been featured previously as an Insurance Business America Top Specialist Wholesale Broker in professional liability, has authored several articles, has presented at many trade industry associations, and has earned a key client partner honor, as well as Breckenridge company awards.
720.495.9015 / [email protected]
Stephanie oversees the highly respected Breckenridge Outdoors and Recreational Insurance Program with a specialized coverage solution for gun stores and ranges. She works closely with a top-rated carrier and cyber expert Vicky Dearing on these risks to tailor optimal solutions for their agents’ insureds nationally. She is an active NSSF member and enjoys outdoor pursuits in the Denver area. She has more than 20 years in this industry and looks forward to seeing new and old friends alike at the 2023 SHOT Show at booth number 43040.
In this session, Alex Clark with Hylant Cyber Solutions shared insights on the unique threats and coverages facing everyone from local gun shops, large manufacturers, and everyone in between. Watch now to learn about these different threats and attacks businesses face, who the bad actors are (both domestic and foreign), and whether the attacks are targeted or random. Additionally, what you can do from an internal control standpoint and the protection options available via an insurance policy to best safeguard your business.
Visit nssf.org/compliance-webinars to learn more about upcoming and view previously recorded sessions.