(Reuters) - A lull in high-profile data breaches prompted insurers to cut cyber insurance rates for high-risk businesses such as retailers and healthcare companies during the first three months of this year, according to insurance industry brokers.
The dip comes after sudden rate hikes for many firms last year in the wake of a spate of attacks on Home Depot Inc, Target Corp, Anthem Inc and others.
The average price companies in high-risk industries paid for $1 million in cyber insurance coverage fell 13 percent to $18,756 in the first three months of 2016, according to broker Marsh, a unit of Marsh & McLennan Cos Inc.
It said the average premium rose 28 percent last year to $21,642 for comparable buyers in industries such as retail and healthcare.
“Pricing has stabilized,” said Marsh cyber insurance executive Robert Parisi. “There is only so far things can go before people choke and say ‘I’ve had enough.’”
Ben Beeson, an executive with broker Lockton Cos, said he has seen a “leveling off” in pricing with his clients, following steep price hikes in response to attacks.
Recent breaches have led to big payouts from insurers, including $90 million of Target’s breach-related costs and $100 million for Home Depot. “We haven’t had too many Targets or Home Depots recently,” Beeson said.
Kevin Kalinich, global cyber practice leader with Aon Plc’s Aon Risk Solutions unit, warned that average pricing does not tell the full story.
“Pricing varies dramatically,” he said, noting that some clients who locked in rates before last year’s steep increases could see big hikes when they renew.
Reporting by Jim Finkle in Boston; Editing by Bill Rigby