Cyber insurance has transformed significantly over the past several years. While the market has stabilized somewhat compared to the volatility of 2020-2023, it continues to be an evolving segment of the insurance industry. The complexity of Cyber policies, coverage nuances and changing cyber risks makes it imperative for businesses and brokers to engage with experts like RPS who navigate the space daily.

Not All Policies Are Created Equal

"One of the biggest misconceptions about Cyber insurance is the assumption that all policies are created equal," explains RPS Area Senior Vice President Tim Foody. "Many businesses think they have comprehensive Cyber insurance; however, policies vary widely in terms of coverage depth and scope."

For example, the Cyber insurance endorsements added to a General Liability (GL) policy or a Business Owner's policy (BOP) typically offer only basic protection, addressing third-party liability claims. They don't address critical cyber exposures, such as ransomware, business interruption and cybercrime.

"Even stand-alone Cyber policies are not uniform," says Foody. "Some policies provide robust protection, while others provide basic coverage, similar to what you get with an endorsement. The specific policy perils and terms and conditions are critical, and businesses without a thorough understanding of their cyber risk profile may find themselves unprotected when a breach occurs."

Cyber Risks Vary by Industry

Foody explains that every industry has different cyber exposures. A florist, for example, may have minimal data security concerns compared to a healthcare provider handling sensitive patient records. And a law firm specializing in real estate transactions that routinely holds large sums of money in escrow requires a policy with comprehensive social engineering fraud coverage — something not all Cybercrime endorsements automatically include.

"If, for instance, a law firm assumes it is protected because its policy states 'cybercrime' or 'social engineering,' it could be in for a rude awakening if the coverage does not extend to client funds it is holding," says Foody.

A Shift in Pricing

The Cyber insurance market has also experienced dramatic shifts in pricing over the last couple of years. Due to an influx of new carriers offering coverage, what was once a hard market has been soft despite ongoing cyber incidents.

"Also, unlike the Property insurance market, where historical data guides pricing adjustments, the Cyber market lacks a long-term claims history," says Foody. "This allows new entrants to underprice coverage to gain market share, creating an environment where rates are competitive — but not necessarily sustainable."

The Push to Bundle Cybersecurity Tools With Coverage

One of the most notable trends RPS is seeing in the Cyber space today is the push by some insurers to bundle cybersecurity tools with insurance policies.

"The idea is that, if a business uses the insurer's proprietary cybersecurity tools, they may receive more favorable pricing or broader coverage," says Foody. "While this may seem like an attractive proposition, it has its drawbacks. Agents and brokers are not informed enough to recommend or vouch for the effectiveness of a particular cybersecurity solution. Also, the potential long-term impact on the insured is a real concern if a business chooses a policy that's bundled with cybersecurity software. The business could face challenges if changing insurance carriers in the future, limiting its ability to seek better coverage or pricing elsewhere."

Instead, Foody recommends businesses take a more independent approach to their cybersecurity, investing in best-in-class security solutions tailored to their needs while maintaining the flexibility to shop the market for the most suitable insurance coverage.

Another issue in the Cyber market is the disconnect between cybersecurity investments and premium savings.

"Businesses frequently ask, 'If I invest in a specific cybersecurity measure, how much will I save on my premium?' Unfortunately, the Cyber market has not yet reached a level of direct, standardized correlation between security measures and pricing," explains Foody.

"However, companies that invest in strong cybersecurity practices benefit from greater market access, with more insurers willing to offer favorable terms. More importantly, robust cybersecurity minimizes the risk of an attack in the first place, reducing financial and operational damage beyond the scope of insurance."

As cyber threats continue to evolve, so must Cyber insurance. Businesses and brokers alike must recognize that all Cyber policies are not the same and that expertise is essential in securing the proper coverage.

"In an industry where 'you don't know what you don't know' can lead to costly oversights, having a knowledgeable RPS specialist can make all the difference," says Foody. "Understanding the nuances of Cyber policies, staying ahead of underwriting trends and helping businesses to be adequately protected is not just a best practice — it's necessary in today's digital world."

Contributor Information