A rash of hacking attacks on U.S. companies over the past two years has prompted insurers to massively increase cyber premiums for some companies, leaving firms that are perceived to be a high risk scrambling for cover.
On top of rate hikes, insurers are raising deductibles and in some cases limiting the amount of coverage to $100 million, leaving many potentially exposed to big losses from hacks that can cost more than twice that.
“Some companies are struggling to find the money to buy the coverage they want,” said Tom Reagan, a cyber insurance executive with Marsh & McLennan Co’s Marsh broker unit.
The price of cyber coverage – which helps cover costs like forensic investigations, credit monitoring, legal fees and settlements – varies widely, depending on the strength of a company’s security. But the overall trend is sharply up.
Retailers and health insurers have been especially hard hit by the squeeze after high-profile breaches at Home Depot Inc , Target Corp, Anthem Inc and Premera Blue Cross.
Health insurers who suffered hacks are facing the most extreme increases, with some premiums tripling at renewal time, said Bob Wice, a leader of Beazley Plc’s cyber insurance practice.
Average rates for retailers surged 32 percent in the first half of this year, after staying flat in 2014, according to previously unreported figures from Marsh.
Higher deductibles are also now common for retailers and health insurers. And even the biggest insurers will not write policies for more than $100 million for risky customers. That leave companies like Target, which says its big 2013 data breach has cost $264 million, paying out of pocket.
No. 2 U.S. health insurer Anthem ran into difficulties renewing its coverage after an attack early this year that compromised some 79 million customer records, according to testimony from Anthem General Counsel Thomas Zielinski at an August hearing of the National Association of Insurance Commissioners.
Renewal rates were “prohibitively expensive,” according to minutes of that session seen by Reuters. The company managed to get $100 million in coverage, Zielinski said, but only after agreeing to pay the first $25 million in costs for any future attacks. The company would not say what that figure was before, but it was likely much smaller.
Read the full article at Reuters.