The pendulum is swinging back towards assessing the relative cyber risks between clients, not just categories of risk based on industry…:
[…] In the recent past, if a client was not very large, or if the account wasn’t overly complicated, clients could get cyber insurance by answering fewer than 10 questions, said Katharine Hall, senior vice-president and our national leader in cyber risk Solutions for Aon Canada.
Some can still bind coverage with 10 or fewer questions, but with cyber loss ratios increasing, this is becoming more rare, Hall observes.
“When cyber first started to be underwritten, it was a 20-page application and it had a lot of technicality in it,” she said. “You needed to work with your procurement teams and you needed to work with IT. Over time, they whittled it down, but you can see they are coming back up again.”
When writing cyber insurance, underwriters are asking prospective clients more questions about incident response plans, encryption habits, multi-factor authentication, and password management, Hall told Canadian Underwriter.