NEW YORK (Reuters) - Rates for cybersecurity insurance edged lower in the last few months despite surging demand, as heavy competition brewed among insurers rushing into the market in search of the next profitable product, insurance brokers Marsh said on Wednesday.
A series of high-profile data breaches at companies including Sony Corp and Citigroup have drawn sudden attention to “cyberinsurance,” which covers everything from the cost of notifying customers their data has been breached to the cost of defending against those customers’ lawsuits.
A number of brokers told Reuters in early June that their phones were ringing off the hook, with some customers seeking coverage limits of up to $200 million for new policies. Such huge limits are noteworthy, since less than 5 percent of all data breaches cost more than $20 million.
Yet despite all that demand, there has also been a marked increase in the number of insurers willing to write such policies. Travelers Companies Inc, one of the largest property and casualty insurers in the world, launched its own program last month, and others like Chubb Corp are increasingly aggressive in the market as well.
“We see a major player come into the space once a quarter, once every other quarter, so capacity continues to exceed demand,” said Bob Parisi, a senior vice president in the financial and professional liability practice at Marsh, a unit of Marsh & McLennan.
“You’ve got $100 million, $200 million in capacity chasing $25 million in risk. It’s the undiscovered country, everyone’s looking for a growth area.”
Amid that competition, Marsh said cyberinsurance rates fell an average of 2 percent in the second quarter. Insurers are giving their customers extra coverage in an attempt to hold the line on rates, but prices are still falling, Marsh said.
Those concessions include raising coverage limits, lowering deductibles, or adopting a more liberal interpretation of what counts as a claim — all of which benefit the customer at the expense of greater risk for the insurer.
As it has been for years, one of the biggest problems is accurate pricing. Customers face huge risks and insurers are still developing standards to figure out who is worth covering and who is uninsurable at any price.
“You’re insuring all the nonsmoking, low-cholesterol iron workers — they do something inherently dangerous but they’re well-trained and they’re all healthy,” Parisi said, by way of an analogy to describe how insurers approach cyber risk.
Of all the categories of coverage that exist, Marsh said the biggest increase in claims during the most recent quarter was for privacy-related claims, such as notifying customers their data had been breached and giving them credit monitoring and identity theft services.
A year of credit monitoring services has been become a standard offering from companies to their customers after a data breach, consumer advocates say.
Even so, new risks continue to emerge all the time. The latest is social media, particularly as financial companies increasingly tie up with social networks, like the American Express deal this week with Facebook.
“No one has any idea what risk social media and social networks are creating yet,” Parisi said.
Reporting by Ben Berkowitz, editing by Matthew Lewis