+1 (208) 254-6996 essayswallet@gmail.com

Common Attributes of Traditional Cyber Insurance Carriers

These carriers typically offer “Admitted” options

Don't use plagiarized sources. Get Your Custom Essay on
Common Attributes of Traditional Cyber Insurance Carriers
Just from $13/Page
Order Essay

While they have a specialized cyber insurance business unit, they will write multiple lines of commercial insurance coverage

Often takes longer for these types of carriers to revise coverage forms and add endorsements

Often work through traditional insurance distribution channels (direct to retail agents and brokers)

Often household or known names in the insurance marketplace




MGAs, Specialist Underwriters & InsurTech Market


Common Attributes

Often start out as non-admitted options

Some may offer other lines of specialized coverage, but many offer cyber and tech insurance exclusively

Often backed by a large insurance market like Lloyd’s of London or a very large traditional insurance or reinsurance carrier

Specialized insurance entity that is vested with underwriting authority from a large insurance market like Lloyd’s of London or another large insurance or reinsurance carrier

Often work through non-traditional distribution channels or through Wholesalers

Often, but not always, more technology and cybersecurity focused especially with underwriting and loss control




Admitted vs. Non-Admitted Carriers


Non-Admitted Carriers

Are regulated entities just like Admitted carriers, but does not necessarily have to adhere to all laws and regulations of each individual state

Do not pay into the state guarantee fund so if the carrier or company becomes insolvent there is a risk claims will not be paid

Do not have to file policy forms, endorsements or rates so are able to adapt coverage more quickly

In order to place coverage, brokers and agents may have to follow due=diligent search requirements if carrier is not on an “exportable” list

Taxes and fees are collected separately

Often a market for non-traditional or risks that are more difficult

Admitted Carriers

Must adhere to laws and regulations of each individual state Insurance Commissioner

Pay into the state guaranteed fund administered by each state Insurance Commissioner

Must file all forms, endorsements and rates with the Insurance Commissioner of each state

Pay state taxes and fees on behalf of insured (already included in premiums)

Insureds in some states can appeal to the Insurance Commissioner for claim disputes

Generally the go-to option for traditional insurable risks




Cyber Insurance Coverage Origins

Third-Party Cyber Liability

Data and Network Restoration Expenses

Business Interruption and Extra Expense

Network Security and Data Privacy Liability

Media Liability

Regulatory proceedings, fines & penalties

Data restoration

Lost income during time of cyber incident-triggered technology disruption

Extra expenses to get back up and running

Network Extortion




Coverage Restrictions

Specified Incidents
SolarWinds Orion MS Exchange Server Vulnerability Log4j Kaseya Vulnerability Open Ports and Unpatched Attack Surface More to come?


Coverage Restrictions

Policy Language
Naming specific laws/regulations rather than blanket coverage Silent on investigation, containment & remediation due to network security failure Limiting restoration expenses to data & software, silent network restoration Narrow definition of computer system that does not address cloud, 3rd party or employee devices Restrictions related to vulnerabilities of 3rd party product


Coverage Restrictions

Sublimits and Waiting Periods
Reduced limits on individual coverages to cap the amount the carrier will pay out for a specific loss Increasing the waiting period of business interruption claims Adding “co-insurance” to ransom payments and other coverages claims Adding “co-insurance” and coverage limitations to claims resulting from unpatched or unsupported software


Ransomware Payment Restrictions

To help reinforce OFAC ransomware payment restrictions carriers are starting to add Endorsements to policies


Watch out for overly broad and confusing requirements that extend beyond OFAC to European and other foreign guidelines.

Typical OFAC Endorsement


Coverage for Cyber Terrorism Is Changing

Carriers can no longer be silent on cyber terrorism coverage. This may not always be a good thing.


Cyber Terrorism Exclusion/Carveback Example

War Exclusion/Carveback Example

Any war, warlike operation, popular or military uprising, hostilities, insurrection, rebellion, terrorism (certified or not) by an individual or group or action taken by governmental authorities in hindering or defending against any of these.

This exclusion will not apply to Cyber Terrorism.


Cyber Terrorism Cyber terrorism means any actual or threatened attack by individuals or a group against a computer system, to advance ideological, social, religious, or political objectives, with the intent, in whole or in part to: cause harm to a computer system; or threaten an entity or person to further objectives.


Lloyd’s 2021 Addition of Carveback for “Innocent Bystanders” “Paragraph 1.3 shall not apply to the direct or indirect effect of a cyber operation on a bystanding cyber asset.”


Proprietary and CONFIDENTIAL. Do Not Distribute. © 2022 Optiv Security Inc. All Rights Reserved.

“1.1. war or a cyber operation that is carried out in the course of war; and/or 1.2. retaliatory cyber operations between any specified states leading to two or more specified states becoming impacted states; and/or 1.3. a cyber operation that has a major detrimental impact on: 1.3.1. the functioning of a state due to the direct or indirect effect of the cyber operation on the availability, integrity or delivery of an essential service…




Cyber insurance in the news




Underwriting Evolution

2015-2019: Short Form Applications

Today: Long Form Applications & Analytics

Challenges of Insuring Cyber Risk


Proprietary and CONFIDENTIAL. Do Not Distribute. © 2022 Optiv Security Inc. All Rights Reserved.




Breakout #2 – Cybersecurity Insurance has a Big Problem


Group 1: The article points out that the cyber insurance industry lacks historical loss data. The industry has been around for 25 years, why do you think we don’t have the data required? How does a lack of data impact underwriting cyber insurance policies?


Group 2: The article briefly mentions that “4 reinsurers account for more than 60% of premium” in the cyber insurance market. Why do you think this is a potential problem?


Group 3: The author of this article uses a good analogy to describe what organizations should do in the current cyber insurance market. He says, “I’m an avid cyclist, and I have health insurance, but that doesn’t mean I don’t need a good helmet, too.” How does this apply to cyber insurance based on what we have been discussing in class so far?


Group 4: In today’s hard cyber insurance market many business may not be able to afford the cyber insurance coverage they need. Towards the end of the article (2nd to last paragraph) the author provides a strategy for achieving desired cyber insurance coverage limits over time. What does the author suggest and do you think this is realistic for most organizations?



Cyber risk is different

The Ludic Fallacy “The attributes of the uncertainty in real life have little connection to the sterilized ones we encounter in [models] and games.” — Nassim Nicholas Talib

Sterilized Risk Assumptions

Order your essay today and save 10% with the discount code ESSAYHELP