Cyber insurers are starting to rethink the scope of their coverage, especially when it comes to privacy risks, experts said at a recent conference in New York. After years of competitive pricing and expanding capacity, many insurers are now tightening their policies amid changing regulations and rising privacy lawsuits.
At Zywave’s Cyber Risk Insights event, industry leaders shared insights on how carriers are increasingly cautious about privacy coverage. Beth Gidicsin from Lockton highlighted that while many cyber policies have historically included broad privacy protections, insurers are now adding exclusions to manage new risks. These exclusions can sometimes be removed if clients undergo specific underwriting.
The shift comes as privacy law changes in the U.S. and around the world lead to more legal claims that don’t necessarily involve data breaches. Traditional cyber insurance was built mainly to handle losses from hacks or leaks, including fines and penalties. But now, companies can face privacy litigation even without a breach happening.
Gidicsin emphasized the importance of pushing for strong privacy coverage, as it is becoming a bigger concern for all types of businesses. She also mentioned ongoing discussions about filling coverage gaps, such as whether cyber-related property damage is covered by cyber or property insurance. The industry is exploring new ways, possibly new products, to address these issues.
Beyond privacy, carriers are also looking at other emerging risks. They are testing endorsements that cover AI-related threats and cyber incidents that cause property damage. Business interruptions tied to IT failures or disruptions in related systems are also under the spotlight, especially given our growing reliance on cloud services.
David Derigiotis, president of RT Specialty Detroit, underscored the need to tailor coverage to each client’s situation. He pointed out that offering the broadest possible policy to everyone isn’t practical. “You have to be very careful,” he said, “to make sure the coverages fit the risks involved.”
Lori Bailey from Axis agreed, saying the market is moving away from one-size-fits-all policies toward customized solutions for different business types. Derigiotis added that it’s crucial for policyholders and insurers to keep a close eye on regulatory changes and how those might affect coverage.
This evolving approach shows that cyber insurance is no longer just about paying for breaches. It’s adapting to new threats and legal challenges, with insurers finding ways to offer protection that really fits the modern risk landscape.