Trends in Cyber Risk Management Services

Posted by Mark Greisiger

A Q&A with Rick Betterley of Betterley Risk Consultants, Inc.
Like any segment of the insurance industry, cyber risk management services evolve over time. To get a handle on some of the latest trends, I spoke with Rick Betterley, President of Betterley Risk Consultants (an independent risk management consulting firm), and publisher of The Betterley Report at  Rick can be reached at or 978.422.3366.

What do you see as the major trends in cyber risk management services?
We’re seeing a sharpening of industry focus from the service companies and insurance companies, as well as a more focused range of products for specific industries. The advanced vendors are realizing that one service doesn’t fit all and they have to adapt to particular needs, which is a sure sign of a maturing marketplace. Healthcare is a good example. We see more risk management services that cater to HIPAA, including compliance e-tools.

Another trend is more restriction in regard to vendors. Insurance companies are less willing to allow the insured party to use the vendor of their choice, and that’s a double-edged sword: Controlling the list of approved vendors helps the insurance company better manage their vendors and perhaps pass along better prices to customers but the risk is that the insured will be less satisfied with their policy, as they might not realize they’re restricted in their choice until it’s too late.

The final trend we see is more internal management of vendors by insurers. Insurance companies have an interest in these services as it’s a big part of a claims expense, so they are are investing more time and personnel into looking into them and making sure they’re cost effective, especially for individual claims.

What are the top five reasons middle-market organizations don’t buy cyber insurance?

  1. Brokers generally aren’t good at communicating the value between different insurance policies and the forms are hard to compare so it leaves the insured less confident to buy the product.
  2. In many cases, the insured believes cyber insurance is already part of their policy, when in fact it’s not.
  3. The organization is still resistant to the cost involved and believes it’s too expensive. They might read the headlines about data breaches but still have an “it won’t happen to us” denial.
  4. The organization might be resistant to the idea of notification costs as a sublimited coverage. They might find it off-putting that they are told that they have to get a higher amount of liability coverage to obtain the breach notice limits that are really driving the purchase.
  5. This one is hardly a blinding flash of insight, but the company just might not be paying attention. They might be short-staffed or they think it’s taken care of or they put off buying insurance until next year.

How are cyber insurers responding to fierce competition in the marketplace?
There are close to 30 carriers on the market now. One of the competitive responses we’re seeing is removing sub-limits that otherwise existed on breach notification, so if you’re buying a $10 million liability policy the insurer might let you have it with the full limit for breach notification avis viagra france. This practice was unheard of until last year. We’re also seeing lower deductibles. I already mentioned the limits on vendors, which help the insurance companies keep down costs. Finally, I would say we are seeing a tremendous investment in marketing to help brokers better communicate the value of their product.

In conclusion…
NetDiligence can agree with many of the observations that Mr. Betterley is seeing in the trenches. We are also seeing some leading brokers and insurers that specialize in cyber liability coverage making a push to educate clients with traditional lines of insurance about the many nuances of cyber coverage and the must-have supporting services. This is done through weekly webinars and conferences. Even with all that, I am amazed while speaking at various conferences at how many small and medium-sized companies are just beginning to realize they have a cyber/privacy exposure, and want to learn the very basics. For this reason we are seeing more markets leverage our eRisk Hub® portal to help them get the message out about the liability exposures, coverage for same, and general ‘state of cyber liability union.’