Product Family
Risk Consulting
Media Center
Get In Touch

Amid the rising uncertainty of cyber risks, one thing is for sure: organizations have become much more sophisticated about buying cyber insurance.​There is a lot of discussion around the growing risk of cyber incidents and the importance of cyber insurance, but few people are talking about the increasing sophistication of the buyers of this specialized coverage. ​My career in insurance includes more than a decade as an underwriter of cyber and technology exposures -- almost as long as cyber insurance has been available. During that time, I have observed a steady evolution occurring, in both the insurance products and their customers. Only a few years ago, many organizations were skeptical about cyber insurance, expressing concerns about whether it would respond or questioning whether they truly needed it. For the vast majority of organizations, that is no longer the case.​As more industries embraced computer technology and the Internet ushered in online commerce, cyber criminals saw opportunities to attack websites and computer systems. Over time, businesses outside of the technology sector started to experience cyber incidents, from denial of service attacks to data breaches, and liability claims quickly followed.​A startling picture of the growth in the number and distribution of cyber incidents is painted by NetDiligence's 2016 Cyber Claims Study, the sixth such report. NetDiligence identified industries reporting the most claims: Healthcare, representing 19% of the total claims studied; professional services, 13%; non-profits, 11%; financial services, 10%; retail, 10%; other industries, 17%. Technology firms represented only 6% of the claims studied. Additionally, the number of reported incidents is up across all industries. Some of the largest claims in this year's study, counterintuitively, came from smaller organizations.​This broad set of industries reflects what my colleagues and I are seeing in submissions for cyber insurance. Organizations of all sizes have become more conscious of the limits and specific coverages they would like to have, and they have become better able to present their cyber exposures and risk management controls to the underwriting community. Much of this growth in awareness is in part due to the growing brokerage community of Cyber Specialists, who have provided information and insight on cyber risks and coverage with more clarity and direction. From the large brokerage houses, to wholesalers, to regional brokers, buyers are readily able to find an in-house specialist to discuss the evolving threats and coverage offerings from insurers.  ​

​Cyber insurance buyers are becoming more selective about how they want to structure the coverage...
Companies are thinking carefully about how much cyber coverage they need to buy, too. For some organizations, their decision to buy certain limits is dictated by strict budget limitations; many based on true exposure they face, and for others, coverage amounts are determined by contractual requirements. For example, a small company sought cyber insurance to fulfill its service agreement as a supplier. The company thought their own cyber exposure was minimal, but shortly after the policy came into effect, one of their employees in human resources lost a laptop containing employee data. The result? A sizable claim that the small company never anticipated. Fortunately, they had insurance coverage.​Cyber insurance buyers are becoming more selective about how they want to structure the coverage as well. One example is that more organizations are buying first-party only coverage also known as “crisis response.” This includes notification and credit monitoring, costs to conduct a forensic investigation and the costs to retain a public relations firm. Some are opting against third-party liability because they may have some cyber coverage in another insurance program, such as errors and omissions liability. They are looking to match their cyber insurance purchase with their greatest area of exposure and to fill gaps in coverage that were previously uninsurable.​Because customer exposures and buying patterns are constantly changing, the cyber insurance market has to be committed to innovating and updating our own coverage forms continuously with the ability customize offerings to underwrite to a customer's culture and coverage needs. The risks, the markets and the products are all continuously changing. Change is the one constant in cyber insurance.  And for cyber underwriters like me, we welcome it and we’re working hard to be ready for what’s next.  ​About the author

Marcin Weryk is a vice president and underwriting manager in XL Catlin’s Cyber and Technology Insurance Group. Before joining XL Catlin in 2012, he underwrote cyber and technology risks for a large commercial lines insurance organization.  To learn more about XL Catlin’s cyber coverage, contact Marcin at or 212- 915-6838. 

  • About The Author
  • Sr Underwriter, Cyber Technology, AXA XL
Invalid First Name
Invalid Last Name
Country is required
Invalid email
Invalid Captcha

Global Asset Protection Services, LLC, and its affiliates (“AXA XL Risk Consulting”) provides risk assessment reports and other loss prevention services, as requested. This document shall not be construed as indicating the existence or availability under any policy of coverage for any particular type of loss or damage. AXA XL Risk. We specifically disclaim any warranty or representation that compliance with any advice or recommendation in any publication will make a facility or operation safe or healthful, or put it in compliance with any standard, code, law, rule or regulation. Save where expressly agreed in writing, AXA XL Risk Consulting and its related and affiliated companies disclaim all liability for loss or damage suffered by any party arising out of or in connection with this publication, including indirect or consequential loss or damage, howsoever arising. Any party who chooses to rely in any way on the contents of this document does so at their own risk.

US- and Canada-Issued Insurance Policies

In the US, the AXA XL insurance companies are: AXA Insurance Company, Catlin Insurance Company, Inc., Greenwich Insurance Company, Indian Harbor Insurance Company, XL Insurance America, Inc., XL Specialty Insurance Company and T.H.E. Insurance Company. In Canada, coverages are underwritten by XL Specialty Insurance Company - Canadian Branch and AXA Insurance Company - Canadian branch. Coverages may also be underwritten by Lloyd’s Syndicate #2003. Coverages underwritten by Lloyd’s Syndicate #2003 are placed on behalf of the member of Syndicate #2003 by Catlin Canada Inc. Lloyd’s ratings are independent of AXA XL.
US domiciled insurance policies can be written by the following AXA XL surplus lines insurers: XL Catlin Insurance Company UK Limited, Syndicates managed by Catlin Underwriting Agencies Limited and Indian Harbor Insurance Company. Enquires from US residents should be directed to a local insurance agent or broker permitted to write business in the relevant state.