Cyber cover limit doubles in the US: survey

The average cyber policy limit in the last six months has doubled in the US as clients seek higher amounts of coverage upon renewal, according to a May 2017 brokers’ survey by The Council of Insurance Agents & Brokers.

The average cyber policy limit increased to around $6 million in the last six months, double the $3 million reported in October 2016, according to the “Cyber Insurance Market Watch Survey”.

This proves that clients are consistently increasing their limits upon renewal and clients purchasing cyber insurance for the first time are buying increased amounts of coverage, the body representing US insurance brokerages commented.

Participating brokers noted that it is common for clients to ask about increasing their limits or if their current policy contains enough coverage. The average largest limit placed by
respondents was just over $101 million, up from $61 million six months ago. Three different respondents mentioned putting together cyber insurance towers with $600 million limits. The largest previously reported was $500 million last October.

There also remains plenty of capacity in the cyber market – 81 percent of respondents saw no capacity issues in the last six months. One respondent even described the market as “over-prescribed.” While capacity in the cyber market is industry specific, as one respondent explained, capacity continues to expand in all areas, as “capital has flooded the market over the last year.” However, similar to six months ago, several respondents did note industries with higher personal and financial record counts remain tough, such as healthcare, education, retail and financial.

When asked what drives organizations to purchase cyber insurance, risk transfer was the number one driver for large entities (63 percent) and small and medium-sized enterprises (36 percent). For SMEs, contract compliance (29 percent) and post-breach resources (22 percent) were also key factors in the purchase of cyber coverage. Overall, SMEs are beginning to realize that it no longer pertains solely to large entities and that a cyber-event on a small organization can have crippling consequences.