Product Family


Cyber liability is fast becoming the last frontier of the insurance world.  

Hackers and cyber thieves are growing in number and in the sophistication of their attacks. Attacks that do not require hackers to directly breach systems – fileless attacks – are ten times more likely to succeed than file-based attacks.  These fileless attacks, also known as zero-footprint, macro, or non-malware attacks use legitimate applications or even the operating system. These types of attacks don't install new software on a user's computer, so antivirus tools are more likely to miss them. 

Cyber thieves are setting their sights higher, as well, shutting down systems and demanding expensive ransoms.

In 2017, the insurance world saw the significant threat of ransomware in the forms of Petya, NotPetya, and WannaCry malware attacks that infected computer systems in over 150 countries and ground operations to a halt across numerous industries, including universities, hospitals, shipping companies, and governments.

While the exact losses associated with these events may never be known, estimates for the NotPetya attack stand at $10 billion; the total from the WannaCry attack, $4 billion. Some estimates have the Petya attack costing 10 times that of WannaCry.

Even with such high-profile cyberattacks, the market for cyber insurance is still flush with availability. With more demand for cyber coverage coming from buyers and relatively few major cyber loss events, the number of carriers offering cyber coverage has grown significantly; there are 170 carriers writing cyber liability, with 30 new market entrants this year and 26 new entrants in 2016. As a result, pricing has remained low and capacity is plentiful.

2018: Risks up close

The abundance of coverage does not indicate a lack of risks, instead, quite the opposite.   2018 brought these changes to the cyber market:

  • Increased Ransomware Attacks While last year’s major ransomware attacks did not impact the US market significantly in terms of their severity, the increase in the frequency of these attacks is cause for concern. Today, most cyber breaches are ransomware attacks. The reason: the ransoms have gone up exponentially. When ransomware attacks first appeared, most ransom demands were low enough to avoid a police investigation: typically, $300. However, in 2018 the industry saw ransom demands increase to an average of $30,000 to $50,000. In one case, cyber thieves demanded a $500,000 ransom. 
  • More Sophisticated Thieves Social engineering hit its stride in 2018. Hackers turned their attentions away from hacking into systems to using reconnaissance on individuals within a company to breach security measures for financial gain. By convincing employees or IT departments that a system access request is coming from the CEO who is traveling in another country, hackers were able to gain easy entry and carry out their plans.
  • A New Regulatory Environment As ransomware attacks increase, so will the risks of exposing customer and company data. The General Data Protection Regulation (GDPR) took effect in May 2018, putting pressure on companies across the globe to protect the data of EU citizens. As domestic companies looked to cover their exposure, the states began to enact their own privacy regulations. The California Consumer Privacy Act of 2018 (CCPA) gives consumers comprehensive control over their personal data and puts additional pressure on companies to ensure that personal information is protected.

The Evolving Buyer Influence

Along with the risks, other changes within the cyber market are impacting capacity and coverage options.

  • Buyers in charge With so much coverage availability, buyers are in the driver’s seat, a fact that is evidenced by the demands buyers are placing on cyber insurers. Buyers are turning to carriers for comprehensive pre-breach and post-breach cyber risk management services, and carriers are responding, either directly or by offering these services through third parties.  Some of these services include network vulnerability scanning, penetration testing both internally and externally of the network, assistance with business continuity planning, GDPR readiness and more. 
  • Expanded coverage Another change among buyers: more inclusive coverage. From endorsements to expanded coverage language, carriers are amending policies to meet many more pain points for their buyers. Several endorsements have begun to appear, covering things like: system failures, social engineering losses, consequential reputational loss, and hardware loss. Likewise, some endorsements give buyers the choice of electing which policy will handle their claim in the case of a business interruption loss where there may be overlapping coverage with their property policy and/or a social engineering loss in which their crime policy may respond.
  • More claims pressure More demanding buyers are also beginning to test policy parameters at claim time. Even indirectly related cyber events are being filed as cyber damages. Carriers are looking to bring clarity to coverage terms.  As coverage is becoming even broader, how claims under these new insuring agreements will be treated is unprecedented.
  • More InsurTech 2018 may be remembered as the year InsurTech took root. For cyber insurance, InsurTech has delivered a better customer experience from purchasing to servicing due to efficiency in the underwriting process and policy delivery.  It has also enabled carriers to get new products and enhancements to market faster.   As the number of insurtech delivered cyber policies increase, Carriers will be looking for more data analytics to better improve and understand this process.

For cyber insurance, InsurTech has delivered a better customer experience from purchasing to servicing due to efficiency in the underwriting process and policy delivery.

Predictions for 2019

As 2019 begins, we expect to see buyers continue to put pressure on their carriers to deliver more comprehensive coverage options and services. Buyers will continue to turn to their carriers for risk management services. For now, we predict the market to remain stable with policy language evolving and buyers continuing to influence changes to policy language and endorsement offerings.As discussed above, the industry will also see a continuation of coverage expansion and claims for events not typically thought to fall under the cyber liability umbrella. Most relevant, will be the crime and property policies.  The question to answer: under what policy is the risk insurable?

To answer that question, carriers will be looking to clarify policy language. Buyers should work with their brokers on addressing other insurance clauses to avoid ambiguity when a claim or incident arises. 

In some ways, data and analytics may help bring that clarity. We predict the use of data and analytics to write cyber coverage will increase in 2019. As carriers look for ways to mitigate the impact of an aggregate event that could affect multiple policies, they will be relying on more outside data and analytics to drive more efficient and ultimately, more profitable underwriting efforts. The traditional method of using standard questions to underwrite cyber risk will eventually be replaced by data-driven underwriting and risk engineering that can speed underwriting decisions on a case-by-case basis, providing more accurate policy coverage.

The use of data and analytics may also influence the ability of carriers to succeed in the cyber market, with more accurate underwriting capabilities being a potential differentiator among robust competition. Another differentiator: experience. As new carriers enter the market, buyers should be looking for carriers that have built a solid claims history and have a clear understanding of the cyber landscape. 

The steady market we are experiencing now could shift in the aftermath of a major event. Catastrophic claims in cyber liability are inevitable as breaches and ransom events continue to evolve. Companies should work with their carriers to understand their unique risks and put sound risk management and cyber coverage in place to decrease their exposures.


To contact the author of this story, please complete the below form

Invalid First Name
Invalid Last Name
Country is required
Invalid email
Invalid Captcha

More Articles

Global Asset Protection Services, LLC, and its affiliates (“AXA XL Risk Consulting”) provides risk assessment reports and other loss prevention services, as requested. This document shall not be construed as indicating the existence or availability under any policy of coverage for any particular type of loss or damage. AXA XL Risk. We specifically disclaim any warranty or representation that compliance with any advice or recommendation in any publication will make a facility or operation safe or healthful, or put it in compliance with any standard, code, law, rule or regulation. Save where expressly agreed in writing, AXA XL Risk Consulting and its related and affiliated companies disclaim all liability for loss or damage suffered by any party arising out of or in connection with this publication, including indirect or consequential loss or damage, howsoever arising. Any party who chooses to rely in any way on the contents of this document does so at their own risk.

US- and Canada-Issued Insurance Policies

In the US, the AXA XL insurance companies are: AXA Insurance Company, Catlin Insurance Company, Inc., Greenwich Insurance Company, Indian Harbor Insurance Company, XL Insurance America, Inc., XL Specialty Insurance Company and T.H.E. Insurance Company. In Canada, coverages are underwritten by XL Specialty Insurance Company - Canadian Branch and AXA Insurance Company - Canadian branch. Coverages may also be underwritten by Lloyd’s Syndicate #2003. Coverages underwritten by Lloyd’s Syndicate #2003 are placed on behalf of the member of Syndicate #2003 by Catlin Canada Inc. Lloyd’s ratings are independent of AXA XL.
US domiciled insurance policies can be written by the following AXA XL surplus lines insurers: XL Catlin Insurance Company UK Limited, Syndicates managed by Catlin Underwriting Agencies Limited and Indian Harbor Insurance Company. Enquires from US residents should be directed to a local insurance agent or broker permitted to write business in the relevant state.