By Jim Finkle
BOSTON (Reuters) - Insurer Ace Ltd plans to start offering cyber security policies providing up to $100 million in coverage at a time when experts say it is hard for businesses to obtain such large coverage following the surge in high-profile breaches.
The plan comes with services from firms that help identify cybersecurity vulnerabilities and respond to cyber attacks. They include BitSight Technologies, FireEye Inc's Mandiant services group, Navigant Consulting Inc, NetDiligence, Promontory Financial Group and Verizon Communications Inc.
To apply for a policy, customers go through intensive scrutiny during underwriting, a process that includes reviews of cyber security defenses, strategies for mitigating the impact of breaches and board plans for responding to attacks, said Toby Merrill, division senior vice president for Ace Group's global cyber practice.
Applicants can still obtain coverage if deficiencies are uncovered, but they must allow one of the outside cyber security firms appointed by Ace to conduct an on-site assessment.
The consultants will recommend steps to remediate any shortfall, though the policy does not require that they immediately implement them, Merrill said of the program, which Ace plans to announce late on Thursday.
The company will review those areas when it comes time to renew the policy, he said.
The partners are helping Ace refine its process for quantifying risk during underwriting, a process that experts say has been a challenge for all cyber insurance carriers because they do not have enough data.
"There are no actuarial tables for cyber," said Karen Kukoda, partner alliance director with FireEye. "Ace is building us into their process to help assess risk for clients."
Ace announced the move as it looks to boost its premiums, and profits, from providing cyber policies, one of the insurance market's few rapidly growing areas.
Consulting firm PwC earlier this month estimated that total annual premiums on cyber insurance will triple to $7.5 billion by 2020. That report warned the industry that it could face competition from disruptors such as Google if it does not act fast to develop new products.
Most of the $2.5 billion written in cyber insurance last year was in the United States, where requirements to notify data breaches have focused attention on cyber protection, according to PwC.
(Reporting by Jim Finkle; Editing by Christian Plumb)