Cyber coverage for retailers shrinks by $100m

The recent string of data breaches in the retail industry means insurer appetite is declining and high limits are harder to find.

Environmental

By

The rapidly growing cyber market is facing a certain amount of cooling in some areas. Thanks to a string of high-profile data breaches in the retail industry—including the December Target breach that affected 40 million consumers—insurers have started to reassess their previously generous limits and rates.

According to a report from Business Credentialing Services, retailers were able to purchase roughly $350 million in cyber risk insurance capacity before the Target breach. In today’s risk environment, that figure is closer to $250 million—a loss of approximately $100 million in coverage limits.

At the same time, businesses will also likely be paying higher premiums for cyber liability coverage, CBS said.

At NAS Insurance in Encino, Calif., Vice President Michael Palotay says the cuts his company has made are necessary for the insurer to stay profitable and continue offering cyber coverage across multiple sectors.

“Recently, retailers have been targeted by a much larger quantity and with much larger ferocity. Once there’s a breach like Target’s or Williams-Sonoma’s, there’s blood in the water and the sharks circle,” Palotay said. “We view retail as a much higher hazard than it was a couple years ago, so we are increasing rates on that class and we’re managing limits. We are trying to make sure we don’t have too much exposed with one particular retailer.”

The shrinking limits make it somewhat more difficult for brokers to source risk for retail clients, says Christine Marciano of Cyber Data-Risk Managers. However, the methodology behind the practice is sound and reflects a market that is maturing.

“It’s become a little more difficult [to source risk for retailers] than it was three years ago when carriers were all seeing green, but now they’re really being sensitive and careful about who they’re going to cover,” Marciano said. “The capacity is there, but they’re a little more sensitive in their underwriting.”

Cases are most difficult when a client is contractually obligated to carry something like $10 million in coverage and many carriers refuse to cover limits that high. In those situations, it takes more effort on the part of the broker.

There are ways to present differentiated views of risk to carriers, however. According to a recent report from Marsh LLC—“Data Security and Information Privacy Risks in the Retail Industry”—increased state regulation requires protection mechanisms for consumers’ personally identifiable information.

Enacting these defenses may score lower premiums for clients and reduce exposure to a large loss event.

You may also enjoy: InFocus: Cyber liability insurance; read more stories and download a free client fact sheet
"The 6 hottest cyber markets in 2014"
"4 misconceptions that could sink your cyber sales"
"How one broker took on a tough cyber case and won"

Keep up with the latest news and events

Join our mailing list, it’s free!