Category Archives: Technology E&O Insurance

Technology E&O Insurance Market Survey 2014

Our most recent Betterley Report reviews 28 leading Tech E&O products; this is our 14th annual review of this important coverage.  New carriers added were Endurance, RLI, and Swiss Re.

Tech E&O may not get as much attention as Cyber/Privacy, but it is an important part of the insurance portfolio of many organizations.  With the help of Dr. Fritz Yohn and his team at MarketStance (www.marketstance.com), along with input from carriers, we estimated the U.S. annual premium to be almost $800 million in 2013.

As the tech industry grows, most insurance brokers will have at least some insureds from the Tech industries, and so knowledge of this product and trends in pricing and coverage are much needed.  And not only for ‘traditional’ tech companies.  There are many non-tech organizations, including not-for-profits, that have substantial Tech E&O exposures.  So product knowledge to identify those exposures and to understand the types of coverage that might be needed is important.

This year’s Report found that, unlike most other commercial insurance lines, rates were trending down, although the % was slight. We attribute this to the heavy competition amongst insurers for this desirable type of insured.  Loss experience has generally been favorable for many insurers, too, so writing more may seem attractive.

Some of our findings:

Cyber/Privacy Coverage Specifically Added to Many Products – Continuing to support our belief that specific Cyber/Privacy coverage should be considered by Tech insureds (and thus not rely on the E&O coverage to pay for breach events), more carriers are adding Cyber options to their Tech products.

Media Liability a Common Option – All carriers reviewed except one can include a Media Liability coverage as a part of their Tech policy

Increasing Premium Volume as the Tech sector recovers – Although rates are in slight decline, the exposure base increases attributable to the tech sector recovery is accelerating the trend toward higher Gross Written Premiums.  However, individual carriers are having a harder time increasing their Gross Written as more carriers slice up the market.

Demand by Third Parties Continues to Drive the Market – Technology product and services providers, the audience for this coverage, is seeing greatly increased demand for proof of privacy insurance by their business partners.  These clients are concerned about technology risk, and want proof that their vendors are covered.  Proper coverage and significant limits are required by new or existing vendors if they want to do business with many organizations.

We think that this demand will be a strong force in growing the market for Technology E&O products.  While historically many technology companies have been reluctant to buy coverage, the demand by clients to buy it or perhaps lose a valuable business relationship will greatly expand this market.  As more and more data is held by multiple parties, the desire for protection is increasing—a positive for the market segment.

Increased Interest by Risk Management Service Providers in Supporting Technology E&O Insurers – As in the Cyber/Privacy market segment, risk management service providers are seeing that they can greatly extend their reach by providing their services through an insurance policy.  We think that it is a natural fit for carriers to identify quality vendors that can help the insureds avoid data breaches, and to provide cost-effective responses if a breach occurs.

Specialty Insurance Year End Wrap-up Webinar 12/12 at 11 AM by Advisen

Please forgive me for a bit of self-promotion, but this program should be really good; I already learned a lot from our panelists’ conference call.

On Thursday morning, December 12 at 11 AM (eastern time), I will be on a panel moderated by Advisen’s David Bradford to review the trends and developments of 2013 in Specialty Lines insurance. The panel of experts will also provide insight into 2014 & beyond. This free, one-hour webinar is sponsored by OneBeacon Professional Insurance; registration is here.

The panel includes:

  • Paul Romano, President, OneBeacon Professional Insurance
  • David Lewison, National Practice Leader, AmWINS
  • Rick Betterley, President, Betterley Risk Consultants
  • David Bradford, President, Research & Editorial division, Advisen (moderator)

The economy continued to improve in 2013, which generally benefitted the insurance market. For specialty insurers, however, the year posed a number of challenges. Healthcare reform continued to reshape the risk landscape of hospitals and other healthcare organizations. Lawyers continued to feel the fallout of the credit crisis and recession as claims activity remained above historical averages. Network security challenges further evolved in the endless cat-and-mouse game between cyber criminals and system security experts.

This webinar will review the trends and developments of 2013 in “Specialty Lines” insurance. Our panel of experts also will provide their insights into the factors that will influence the market in 2014 and beyond.

Hope you can join us!

Technology E&O Insurance Market Survey 2013 – some highlights

I published our 13th edition of Technology E&O Market Survey in late February, and am finally getting a chance to report on some of the highlights:

Carriers

  • 27 in the Report, including newly added Capitol/Global Specialty and Liberty International
  • Admiral back in the Report after missing last year
  • Safeonline now listed as Ascent Underwriting, their new underwriting vehicle

Data Breach Coverage

  • More carriers are broadening their products by offering data breach coverage for client data under the control of the Insured, not just liability coverage

Rates

  • It seems that the general trend to higher rates is missing the Tech E&O market, as many carriers expect their competitors’ rates to range from a decrease of 5% to an increase of 5%.  When reporting on their own rates, a similar range was reported.  If rates are increasing, it is in the larger account market.

Premium Volume

  • This is becoming increasingly difficult to obtain – our best estimate is $500-550 million U.S.-originated, and perhaps another $500 million outside the U.S.
  • Growth attributable to increasing demand by clients of Tech Services providers and economic recovery of the Tech Services sector

Executive Summaries of all of our Reports  can be downloaded at www.betterley.com.  Full Reports can be ordered at www.irmi.com.

Next issue: April Intellectual Property and Media Liability Insurance Market Survey 2013

ZDNet Asia Comments on Cyber/Privacy coverage for IT Vendors

The growing importance of Tech E&O as a resource to help rebuild reputations damaged by a breach is highlighted in Ellyne Phneah’s article on ZDNet here.  Ellyne covers cyber security for ZDNet Asia.

Snips from our Technology E&O Market Survey 2012

Today, we posted our update of our report on Technology Errors & Omissions insurance products.  This Report covers insurance that is purchased by providers of technology products and services, and includes our comparison of insurance products offered by 30 carriers.  The Report is here.

Some of the highlights from the Report:

  • Rates are rising; not by a lot (5% or so), but after years of rate decline, this change is important.  The increasing premium base coupled with this rate increase means insureds will be seeing meaningful rises in their insurance costs.
  • We don’t expect any onerous contraction in the market; it is healthy, and should remain so.
  • However, the spate of data breaches, if considered to be the fault of service providers, has the potential to deteriorate loss ratios and, potentially, further drive up rates (and perhaps drive some carriers from the market).
  • There is a great deal of disagreement between carriers as to whether  response costs for a breach of client data while within control of the insured, is covered if it is not the result of an error or omission.  We are concerned about this: we think that service providers would want to – and be expected to – cover a client’s costs of responding to the breach.  This response shouldn’t require the breach to be the result of E&O.  We predict that carriers will offer more explicit breach response coverage for breaches of client data if they don’t already.

Next issue: Intellectual Property and Media Liability Market Survey 2012 (April)

Will cloud computing be the death of cyber insurance – or it’s salvation?

 

Cloud computing is generally understood to mean the provision of applications and services offered over the Internet. These services are offered from data centers all over the world, which collectively are referred to as the “cloud.” This metaphor represents the intangible, yet universal nature of the Internet (thanks to TechTerms for this definition).  Cloud services include the hosting of data on the provider’s servers.

As many cyber commentators are noting, this movement of data from the insured to the cloud service provider is a material change in the exposure to loss; data are now held (and we hope protected) by a third-party.  Data in the hands of third-party service providers isn’t actually a new concept, but hosting the data on a large-scale basis is new(er).

Does this increase the risk of data breach?  Decrease it?  What are the implication for insureds, cyber insurers, and reinsurers?

Increased risk to insureds and their insurers:

  • The data are out of your control; you are vulnerable to the data protection standards and execution of another party.  Will their standards be as strong as yours? Executed as well as yours?  If the standards and execution change, will you be informed?  If so, what if the changes aren’t to your liking?  What are your options?  It may not be as simple as changing providers.
  • Not only is another company now holding your data, the fact that it is now concentrated in a more public (cyber) location may make it more of a target.  Hackers may not know that your data exist, but they may target the holder of your data for reasons beyond you (maybe the service provider has angered the activist hacker community, or another one of their clients becomes a target, and your data get caught up in the attack).
  • What happens to your data if the service provider goes out of business?

I acknowledge that there can be contractual protections against these types of problems, but are they foolproof?  I doubt it.

  • For insurers, the concentration of risk should be a worry; there is little reinsurance purchased for cyber policies, and insurers should be very concerned about a single breach that affects numerous insureds now that they are in the cloud.  Accumulation risk has always been a concern; it seems as though the cloud makes that risk exponentially greater.

Decrease in risk to insureds and insurers

  • Cloud computing is often described by commentators as a one-way change in risk, but we aren’t so sure.  Many cloud users are smaller organizations, including many start-ups.  These users may not have the resources, insight, and patience to construct and maintain strong security measures.  For them, maybe the cloud is actually a safer environment.
  • If an organization uses the cloud, and the vendor(s) have strong data protections that are known to underwriters, maybe it will make the job of underwriting easier and more successful?  Sometimes protecting a single point of risk can be more effective than protecting many points.

Implications for reinsurers:

  • We spoke above about accumulation risk; this worry should extend to reinsurers to the extent cyber is being reinsured – but it also presents an opportunity for creative reinsurance products to protect primary insurers from a single breach/many insureds loss.

So, I think that the increased use of cloud computing brings increased risk, but also increased opportunity, for insurers and reinsurers.  Cloud risk can be managed, data protection investments can be spread over more data, and active defense (see my earlier post ‘I am growing increasingly worried…”) may be available to beat back the bad guys.

And finally – might cyber risk insurance distribution be changed from data holders buying insurance individually to it being provided by the cloud service provider?

What do you think?

Tech E&O Market Survey snips

Today we posted our Technology E&O Market Survey, which is now in its 11th year, and includes 21 carriers.  New to our survey this year is Ironshore; the (free) Executive Summary is here.

Our Survey found that the market continues to be soft, with rates lowering 5% or so, but that there is premium growth due to new insureds and a recovery in economic activity.  We think that some of this growth is driven by demands by tech company clients for proof of E&O insurance, and is a result of concerns over data breaches.

We saw a further build-out of value-added risk management services offered to insureds, although this market segment offers fewer such services than do, say, the Cyber and EPL product lines.  We’d love to see more – and better – such services bundled with insurance products.

One comment – this Report is now up to 145 pages; we’re not sure if this is a good thing or a bad thing, as one reason we write these Reports is to make information about specialty insurance products more accessible.  The reason for the length of the Reports is that carriers are asking us more and more to cite extensive policy language.

Some of our readers like this length so that they can compare competing policies; others may prefer to have a summary.

I’d be interested in your comments on the ‘quote language at length’ versus ‘please summarize it for us, Rick’ debate.

Thanks!  Next issue is Intellectual Property and Media Liability, to be released in April.