The Top Cyber Insurance Companies in the USA | 5-Star Cyber
Jump to winners | Jump to methodology
Digital defenders
There isn’t a more dynamic or fast-paced part of the insurance industry than cyber.
While that gives providers the chance to innovate, it also means the bar is continually moving and requires them to keep meeting new challenges.
Michael Phillips, cyber practice leader at CFC Underwriting, lists the key requirements for brokers:
Comprehensive and well-designed solutions – “Increasingly on the proactive side and with cybersecurity services in combination with coverage.”
Ease of doing business – “Cyber insurance can be traded digitally with speedy technology enabling the broker to receive quotes, and brokers will want these quotes to be coupled with tools that empower them to better understand the risk and sell the quote to their clients.”
Partnership – “With real expertise and the stability won by years and years of real cyber experience.”
The firm is on an impressive run as by being honored as an Insurance Business America 5-Star Cyber 2024 winner, it completes four annual awards in succession.
Jacob Ingerslev, head of cyber and tech underwriting, highlights two general strengths behind the firm’s eminent position in the industry:
Financial strength – “Being one of the largest insurance commercial insurance companies in the world is one key aspect.”
Comprehensive offering – “Over the last three years, we’ve built out a really exciting offering for our customers, which is we don’t just give them an insurance policy, we bring much more to the table and monitor all their networks throughout the policy cycle.”
“We send out materials and provide educational material. We also have a portal where insureds can log in and read about the latest cybercrime schemes and tactics”
Jacob IngerslevTokio Marine HCC
Detecting danger for clients
Tokio Marine’s intelligence shows that ransomware is still the dominant threat and that’s reflected in the company’s approach as an insurer.
Tokio Marine captures threat trends using various methods including:
tracking ransom payments
increased threats of actors accessing backups
proliferation of attacks on companies with sensitive data
“It’s a bit of a misunderstanding that cryptocurrency is anonymous because you can actually track where it goes,” Ingerslev says of ransoms. “You can track payments going to crypto wallets that have been identified as belonging to ransomware groups. In 2023 over 2022, that number doubled to $1.1 billion from $567 million.”
Another method Tokio Marine uses to stay on top of threats is by monitoring the “wall of shame,” a dark internet website where samples of stolen data are posted to pressure companies to pay ransoms.
This work is carried out by the firm’s Cyber Threat Intelligence Unit, which monitors their insured’s networks to detect any critical vulnerabilities, along with providing a free anti-phishing service.
Ingerslev explains, “They do a lot of research to figure out which vulnerabilities are going to likely be exploited by ransomware groups – that’s the service we bring to our customers. If there are several thousand vulnerabilities each year, 50 or so end up being exploited by ransomware groups. We try to figure out which ones they are.”
Tokio Marine works with another firm that operates in dark web forums and impersonates threat actors. They buy illegally obtained log-in and password credentials from initial access brokers and pass it to Ingerslev’s team. They then inform the comprised party and advise them to change their credentials.
“Typically, they only sell that access once because if you sell it to multiple cybercrime groups, they lose credibility,” adds Ingerslev. “So, we’re pretty sure when this intermediary we work with buys access, then our client is safe. We have time to reach out to them to explain what was exploited and what needs to be fixed.”
All of Tokio Marine’s experience and underground research enables it to remain ahead. It additionally monitors exploit kits for sale, which are ransomware tools that enable access to systems.
“We try and predict the threat actors’ next moves by monitoring the dark web forums where there is a lot of chatter. We gather that intel, and we try to predict what’s coming next and the tactics of cyber criminals.”
There are times when Tokio Marine’s clients suffer ransomware attacks or wire transfer fraud, when a legitimate-looking email instructs someone within a company to transfer money. It happens around 20,000 times per year to businesses in the US.
If the insured alerts Tokio Marine quickly, there is a good chance the firm’s skilled team of operators could get the money back. The criminals use mules who have US bank accounts where the money is transferred. Once in a US bank, the money can then be sent globally from where it is likely lost.
“They need a real banking account in the US as a first step because usually, if you transfer directly to an international banking account, it typically gets picked up in a surveillance algorithm,” explains Ingerslev. “If the money is still sitting in the US banking system, we can get it back to the victim. Every week, we help some of our insureds by being quick, in terms of reaching out to law enforcement, typically the FBI, who then puts a freeze on it.”
While Tokio Marine stands out for its all-round package, there are two elements that brokers have complimented them for.
Coverage – “It’s being innovative and being responsive to brokers asking for new coverage enhancements. We try to be flexible; we’d rather sell better coverage than be the cheapest in the market,” comments Ingerslev.
Access to mitigation partners – This is something that Ingerslev takes particular pride in. The firm has merged cyber insurance and cyber services to offer clients greater protection and support.
“Our insureds are informed if they have vulnerabilities and we do onboarding calls if they want, where we can help remediate issues that we’ve detected in our monitoring.”
This extends to Tokio Marine’s Incident Response Team, which brings in experts to help with data recovery and backups. There is the possibility of an insured being sued following a data breach, which means lawyers have to be involved.
Ingerslev adds, “We put together the whole process for them, so they don’t have to think about it themselves and we bring all the parties together to help them have the least painful experience possible.”
Insight from this year’s broker respondents showed some changes from the previous 12 months. External scanning has become a more important factor when selecting a provider.
Industry expert Nadia Hoyte, national practice cyber leader at USI Insurance Services, explains that external scanning was seen as the next phase years ago.
“Initially, the technology reported on all ports that were purportedly tied to a policyholder. This resulted in a lot of false positives, which led to questions about the usefulness, validity, and practicability of external scans,” she says. “Recently, we have begun to see how data and signals have been refined to provide better results. While there is more work needed here, we are on a better trajectory and on the road toward better scanning technology.”
Another signal from IB America’s data was the next for brokers to stay current.
“Cyber is constantly evolving. It is a product line that needs 24/7 engagement from all parties involved. As brokers, we have to be on the forefront to educate our clients,” says Akhil Chopra, Lockton’s cyber brokerage leader.
And this is echoed by Hoyte, who adds, “The challenge has and will always be that while cyber insurance is insurance, it cannot be treated like other insurance lines of coverage. Everything about cyber is dynamic. Cyber forces brokers to lean into uncharted territory.”
“Cyber insurance is not traditional insurance and should not be considered in the same vein”
Nadia HoyteUSI Insurance Services
AIG
AmTrust
AXA XL
Beazley
Chubb
Travelers