Cyber insurance has grown a lot in recent years. Coverage is now wider and insurance companies are more careful about who they cover. There is also more money available for these policies after a tough period in the market. But Akhil Chopra, a senior vice president at Gallagher US, says many insurance programs are still focused on big hacks in the news, not on how actual losses happen.
Chopra believes that policies should be designed around real-world situations that cause losses, not just the official wording in policies. This approach is key to making sure insurance works when businesses really need it.
One common issue is business interruption coverage. Many policies only cover interruptions if data is permanently lost. But events like ransomware attacks or cloud service outages can stop a business from working even when data isn’t destroyed. In those cases, the details in the policy about what triggers coverage and how long a company must wait before making a claim can decide if the insurance pays out.
Chopra says waiting periods should line up with how long systems are actually down and how companies make money. He also points out that as businesses rely more on cloud services and outside vendors, it’s important to cover interruptions caused by these third parties. Many problems start with vendors, but their impact isn’t always considered enough in insurance programs.
He urges brokers to help clients understand all the ways their business could be disrupted—not just from data breaches but from interruptions that ripple through the supply chain. This includes things like business interruption, issues caused by vendors, privacy claims, ransomware, and cyber extortion.
Another tricky area is the gap between cyber insurance and crime insurance. Problems like social engineering scams and fraudulent money transfers can fall through the cracks if policies aren’t carefully coordinated. Combining cyber and crime coverage often helps close these gaps.
Chopra also highlights that clients often misunderstand regulatory risks. They tend to worry about fines, but the costs of defense and fixing problems can be even higher. Having clear proof of internal controls can help reduce issues when regulators get involved.
Tech problems that aren’t caused by hackers, such as coding mistakes or bad updates, can also cause big disruptions. These can hurt a company’s reputation and cause customers to leave, adding to financial losses. Insurance programs need to be carefully set up to handle limits and exclusions that might reduce what’s paid out.
Insurance companies are using more artificial intelligence (AI) to review submissions. But Chopra warns that AI is only as good as the data it gets. He expects AI will help speed up the process by organizing information and doing quick risk checks before brokers get involved. This should make things more efficient, but it won’t make underwriting easier—just more accurate.
Clear communication is very important, Chopra says. Brokers need to explain how policies will affect the business, not just use insurance jargon. He says it’s time to stop using complicated terms and speak in a way clients really understand.
Cyber insurance is easy to get in the US market now. But as businesses depend more on outside vendors and face more complex risks, the difference will be whether policies are based on how losses actually happen. It will matter if brokers can clearly explain a policy before a claim is made.