This report, written by the team @TheGrahamCo, casts doubt on using a “new captive” for cyber risk, as captives are commonly used for “high-frequency, low-severity” claims, while cyber attacks are often low-frequency and high-severity. Captives make more sense if they’re “mature” and have enough surplus capital to cover substantial losses.
“If your organization has a well-established captive and is interested in adding a cyber liability component, you may wish to consider these options:
- Retention funding: Use your captive to fund your current cyber retention…
- Layer ventilation: Consider taking a layer of the excess tower placement — either the full layer or through a quota share.
- Coverage expansion: Write a Difference in Conditions policy in the captive to fill gaps in coverage or common exclusions related to cyber. For example, cyber incidents that are caused by ransomware or resulting bodily injury losses stemming from cyber incidents.
- Unique exposures: Provide primary coverage for organizations and risks that are uninsurable, or that cannot get cyber coverage in the traditional insurance market.”
Source: Are cyber captives the right choice for your business? | PropertyCasualty360