NetDiligence panel: No consistency in how cyber carriers handle non-breach privacy violations

By Michael Loney

Feb 12 - (The Insurer) - Adjusting business interruption claims remains a “pain point” for the cyber market, while carriers are inconsistent in how they handle non-breach violations of privacy data, according to a state of the market panel at a NetDiligence event.

Speaking at the NetDiligence Cyber Risk Summit in Miami on Tuesday, Garrett Koehn, chief innovation officer and president of ExecPro for CRC Group, said that non-breach violations of privacy data are one of the biggest evolving areas in the cyber market.

“If there's a class action around that area, there's really no consistency in how carriers handle it,” Koehn said. “So it could be appropriately covered. It could be silent, it could be a defence only. It could be a sub-limit. It could be only if the C-suite didn't know about it.

“And so that seems like an area that's a newer one that's not yet settled.”

Navarone Dozier, assistant vice president of cyber solutions at Aon, noted that there has been a significant increase in incidents related to privacy, with the plaintiffs' bar pursuing this aggressively.

The panel agreed that the cyber insurance market has generally done a good job of managing the evolving risk landscape in the past few years.

“I think as a collective, the markets have done a good job of navigating through the ever-changing landscape, especially as there's new regulation measures and technologies that are evolving on a regular basis, and putting out new endorsements or addressing specific concerns, such as matters related to SEC,” Dozier said.

However, the handling of business interruption remains a frustration.

“The claims for BI specifically, and the lag that's typically associated with it, that is a concern in finding ways to ensure that we are not making these claims last a lot longer than needed,” said Dozier, who suggested the market needs to find ways to work more collaboratively “so that we can find solutions to close out these claims”.

He noted that claims become more costly the longer they are open.

Market “missed the boat” in methodology details

Moderating the panel, Juliet White, head of cyber and E&O at Vantage Risk, commented: “I think business interruption has become sort of the pain point and also what's driving a lot of the purchasing.”

White said that there has been a shift in the marketplace around how BI claims are navigated and in managing expectations of insureds and explaining to brokers how carriers are going to substantiate a loss and how losses move up the tower on the larger programs.

She added: “I think the cyber market has done a lot of really great things to advance coverage. But I sometimes think we maybe missed the boat on including some of the details around methodology, and then also how do we streamline some of the claims matters that come in. Because that's when it gets messy, when you have a wild divergence of expectation versus reality, unfortunately, for what was your true income loss and what are we really intending to cover.”

Tresa Stephens, regional head of cyber, tech and media – North America at Allianz Commercial, noted feedback from brokers and claims colleagues on how this gets managed, and said “it is around expectations”.

“It depends on the program, but maybe you've got 20 or 30 carriers on a program, and then all of a sudden it's like everybody has to align on how they're going to navigate this process. I think it can be really challenging,” Stephens said.

Ashley Sales, Southeast regional underwriting manager – cyber and tech at Axis Capital, said that “we lean heavily on our broker partners to be able to distinguish between policy language”.

“A lot of carriers have slightly different definitions for stuff, so we definitely lean on our broker partners to be able to explain that to their clients so that they have a good experience overall,” she said.

Aon’s Dozier said that business interruption is an area “where standardisation would be helpful, having a through line of how things will be done from the start, so that there's no ambiguity in these things".

“How we get there is to be seen,” he said.

One big issue is carriers using a multitude of forensic accountants who all have a different perspective, he said, which slows down the process as a whole.

“So it is about making sure that we're having these conversations well in advance, and ensuring that our clients understand these aspects too,” Dozier said. “The worst thing to be is in a claim experience and to have no sense of direction, or to not be able to tell a client how things are going to work. Those are things that must be addressed ahead of and that goes back to setting expectations as a whole.”

He added: “I think we have to do a better job of both brokers and markets collectively in communicating those things, as well as finding new innovative ways together, because it impacts all of us, and more specifically it impacts our clients and the market as a whole with how they see the product from a sustainability perspective.”

Parametric products slow to take off

The panel also discussed developments that they would like to see in the markets.

CRC’s Koehn noted that there have been efforts to introduce parametric coverage into the cyber space, and said this is an area he would like to see expand.

“That’s been going on for a few years with little success so far. In this case, the event would be something like your web page goes down and can't operate,” he said.

“They're simple, they're plain, they're easy to understand. I would like to see those grow, but they had that trouble with distribution, which I always find fascinating. Brokers are like, ‘Oh, it's too confusing.’ And, I’m like, ‘Have you read a cyber policy?’ It goes down, you get paid. It's not that hard,” he continued.

Vantage’s White said: “I would love it if the brokers and the underwriters teamed up a bit more on the data sets and the models for how they're pitching limits purchasing and actual claims, because I think that's really where the rubber meets the road.”

White noted that in D&O there is a lot of claims data available to support purchasing but in cyber “it seems nebulous at times”.

“Companies don't disclose do we pay ransoms, do we not pay ransoms. Some regulations are driving that. Could we as carriers and brokers perhaps get a bit more synced on the limits profile requirements?” she asked.