In a world that for better or worse is changing at warp speed, insurance professionals face a daunting array of challenges as they strive to protect their clients against new and emerging risks. Perhaps no other risk category is evolving as rapidly as cyber exposures, which seem to mutate and divide like living cells in a Petri dish.
By now it’s clear that general-purpose policies don’t provide adequate coverage for cyber exposures, and many retail agents and brokers are turning to the MGA market for solutions.
A standout in this arena is Evolve MGA in San Rafael, California, which was established by brothers Patrick and Michael Costello to bring specialized expertise to retailers in the complex world of cyber risks.
Patrick obtained his P-C license while in college and interned at Lloyd’s. After training with ACE Group and earning the CPCU designation, he worked as a professional liability underwriter. Patrick then turned his sights toward the cyber market and in 2015 teamed up with his brother Michael and found Evolve. Michael worked as a retail producer throughout college and then received three years of cyber specialty training at Lloyd’s.
Laser focused on delivering solutions to retailers whose clients face cyber exposures, Evolve boasts a “dream team” of bright young professionals who eagerly embrace their mission and love to play as well as work together. From planned retreats to spontaneous gatherings, Evolve fosters a culture that deftly blends rigor with relaxation.
A look at the market
To start off, we asked the brothers how they would characterize current conditions in the cyber insurance market with respect to capacity, competition, and pricing.
“There’s a ton of capacity looking to get into the cyber insurance world,” Patrick responds. “The issue is that the majority of capacity providers have little experience when it comes to cyber underwriting, rates, coverage, and, most important, claims handling.”
As for competition, he comments, “Plenty of competition exists in the cyber market, but few markets offer quality coverage, and even fewer can underwrite it effectively. At this time only a handful of markets are doing this successfully. Many U.S. retail brokers are raving fans of Evolve because we’ve dedicated ourselves to quality underwriting, progressive coverage, and a seamless experience from start to finish.”
How about pricing? “For small to mid-sized businesses, pricing is cheap,” Patrick says. “For businesses that have more than $250 million in revenue, pricing is extremely inconsistent across the market. Historical loss information for larger businesses cannot be applied to modern rating models built for newer forms of coverage.
“Our goal,” he adds, “is to provide tremendous sustained value to the retail brokers and insureds we work with on a daily basis. By setting up strategic partnerships with some of the brightest minds in the cyber world and consistently strengthening our internal resources, we are able to offer our brokers progressive coverage at competitive rates.”
Looking ahead to 2020 and beyond, Patrick sees continued robust growth for the cyber insurance market and explains why: “We estimate that currently 30% of U.S. businesses are purchasing a monoline cyber insurance policy, totaling roughly $6 billion in gross written premium. Enhanced privacy regulation, combined with advancements in technology and ever-evolving hacking techniques, will result in a significant demand for quality cyber insurance policies.
“At present,” he observes, “we see at least three claims a day. If an insurance agency hasn’t had a cyber claim itself, there’s a strong chance one of its clients has had something pretty serious. By 2025, we expect the U.S. market’s gross written premium to surpass $20 billion.”
Myths and misconceptions
Cyber risks are proliferating at a rapid pace, and retail agents and brokers face the challenges of understanding the exposures, helping each client identify its specific exposures, and finding coverage that addresses these exposures. In general, how well do the Costellos think retailers understand cyber exposures and coverages? What are some of the common misconceptions?
“This is the number one issue that the cyber insurance world faces at the moment,” Patrick asserts. “The majority of retail producers have trouble understanding the exposures and identifying quality coverage. This is understandable, because hacking attacks are changing all the time, the majority of cyber markets are offering anemic coverage at best, and the more progressive markets update their coverage every four to six months.”
Patrick cites three misconceptions he and his colleagues routinely hear from the retailers they work with:
- “Small to mid-sized businesses don’t get hacked.”
- “My client only needs to be concerned about data breaches.”
- “A business that uses cybersecurity measures is 100% protected.”
At the time of our interview in mid-November, Patrick said two major types of hack attacks were causing serious damage to businesses in every industry across the country. “Those hacks are ransomware and wire transfer fraud,” he explains. “As we often tell our producers, if a business uses email and has a bank account, it is exposed to both of these kinds of hacks. Every retail broker should be educated on how these attacks happen, where coverage is triggered, and best practices to stop attacks before they start.”
When talking about wire transfer fraud, the Evolve team likes to use the abbreviation WTF. “We call it WTF because that’s exactly what a business owner will be thinking when he or she sees that $50,000 has been transferred to the account of a criminal,” Patrick says.
Since it was established almost five years ago, Evolve has developed relationships with thousands of retail brokers across the U.S. How does the firm help retailers deal with the challenges they face?
“Beyond providing a high-quality product combined with a streamlined quote-to-bind process and a top-notch claims team, Evolve is hyper-focused on education,” Patrick asserts. “Our specialist underwriters provide huge value to our brokers and insureds on a daily basis. Because we live, eat, and breathe this stuff, we jump at the opportunity to simplify cyber insurance.
“We train retail agents in how to understand and sell coverage through lunch and learns,” he continues. “We create specialized marketing materials, jump on calls with our brokers and their clients, and spotlight major issues in the industry.”
The organization recently hosted in Chicago its first in-person broker training seminar, dubbed the Evolve Cyber Sales Academy. “It was a huge success,” Patrick notes, “and we plan on hosting a series of these events across the country in 2020.”
What are the key features of Evolve’s cyber policy, and in what ways does it differ from other products on the market?
“We offer some of the broadest first-party coverage that currently exists,” Patrick responds. “This is where 90% of cyber claims occur. The majority of products on the market offer liability-based coverage with little to no first-party coverage. On top of that, many policies include risk management warranties that remove coverage in the event the insured does not comply with extremely specific risk management protocols.
“We do not include warranties in our standard offering,” he adds. “We provide broad funds transfer coverage that considers the insured’s bank account, the C-suite executives’ personal bank accounts, and clients’ bank accounts. We’re also on the cutting edge of new kinds of coverage, like cryptojacking, system failure, hardware replacement, bodily injury, and dependent business interruption.
“Our product is packaged with $5,000 worth of risk management services that educate insureds on best practices and increase security awareness,” Patrick says. “Our retailers and their insureds also have access to one of the largest cyber-specific claims handling teams in the industry, made up of forensics experts and data breach attorneys.”
The Evolve policy covers the costs of cyber incident response; losses that result from many forms of cybercrime; system damage, including reputational harm and business interruption; and cyber and privacy liability, including regulatory fines and penalties and PCI fines, penalties, and assessment costs. Among the policy’s enhancements are a 24/7 incident response advice hotline with no deductible, incident response costs outside of limits, unlimited reinstatement on all first-party coverage, and full prior acts coverage.
Given the Costello brothers’ background with Lloyd’s, it comes as no surprise that Evolve places 100% of its business there. “It’s the ideal market for emerging risks,” Patrick observes. “Not only does Lloyd’s have strong financial ratings, like the A.M. Best A rating, but also it has the ability to update coverage in real time.”
He says such flexibility is essential in cyber insurance because hack attack methods change so frequently. “The admitted markets tend to move more slowly because of all of the state licensing requirements,” Patrick notes. “We believe Lloyd’s will always be a leader in the cyber space because of its ability to address the evolving nature of hack attacks and technology.”
The cyber team
As noted earlier, Evolve works with thousands of retail brokers across the country. To deliver service and support to these customers, Michael says, “Evolve fields a team of 30 cyber specialists who are based in 13 major cities. Of these specialists, about half are cyber underwriters and the other half are production underwriters.
“We’ve purposely grown Evolve regionally throughout the country so that our production staff can address the number one cyber issue across the cyber industry, which is education about exposures,” he adds. “Our production team spends the majority of its time in retail agencies, educating producers and account managers about the exposures and how our coverage addresses them, and explaining how the claim process works. The team’s goal is to simplify what seems to be a complex coverage.”
Since it was founded in 2015, Evolve has achieved exponential growth year over year. What factors account for the firm’s success in the hotly competitive cyber market?
“Our number one goal is to help retail agents and brokers increase their cyber bind ratio across the entire organization,” Michael responds. “As cyber specialists, we have the pen for what we believe is the broadest cyber coverage in the marketplace, and we work directly with retail producers. Some of the best products on the market come from Lloyd’s, and U.S. retailers have to go through a convoluted process with two layers of middlemen to access those products.
“We thought, ‘What if we could streamline the process by getting the best product and distribute it directly to retail agencies?’” Michael continues. “We decided to specialize in this one product that’s constantly changing so we could give it the attention it needs and efficiently help retail agencies understand and sell the coverage.”
Adds Patrick: “When it comes to cyber, we are confident that we can provide far more value to retailers than anyone else in the market.”
You say you want an evolution? Keep your eye on Evolve MGA as it leads the charge into a challenging arena where cyber risks are constantly changing and delivers specialized expertise to retailers whose clients daily confront those risks.
Reprinted from the January 2020 issue of the Rough Notes magazine with permission.
A note from PIIAC about Evolve MGA – PIIAC members can access Evolve MGA as a market for their client’s cyber coverage and for their agency’s cyber coverage. Evolve has local team members in Denver that we work with. For more information, click here or email PIIAC.