All material subject to strictly enforced copyright laws. © 2022 Insurance Insider is part of Euromoney Institutional Investor PLC.
Accessibility | Terms & Conditions | Privacy Policy | Modern Slavery Act | Cookies | Subscription Terms & Conditions

AIG leads cyber market on $400mn Capital One tower

Capital One Bank

The global cyber market is braced for a potential record $400mn loss after the personal details of around 106 million Capital One customers were stolen in a hack, The Insurance Insider understands.

Yesterday the US retail bank and credit card issuer announced the breach, which led to names, addresses and phone numbers of people across the US and Canada who applied for its products being stolen.

Sources told this publication that AIG leads the $400mn placement, which is brokered by Marsh and written across the US, Bermuda and London markets.

If the full limit is exhausted – which, given the scale of the breach, sources speculate is a possibility – it would be a new record claim for the cyber market. It would top the circa $300mn Marriott loss incurred at the end of 2018.

It is understood that AIG’s single primary layer is $15mn, and the following lower layers up to $105mn are all written by US domestic markets, including Axis, Chubb, Sompo International, Berkshire Hathaway, Nationwide and CNA.

Bermudian and company market players generally feature on the mid layers of the placement, while London carriers predominantly write the high excess layers, from an attachment point of around $200mn.

Sources said the Marsh Echo cyber facility, which is led by Brit and Axis in London, was used to fill the highest excess layers.

It is understood that Capital One bought an additional $100mn in limit at its last renewal.

It is a legal requirement in the US to notify customers if their personal data has been leaked – the costs of which are typically covered under a cyber insurance policy.

According to sources, the cost of notifying – and, in Capital One’s case, issuing new credit cards – to customers can vary between $2 and $7 per person.

Even at the lower end of this range, at least half of the Capital One tower would be exhausted.

Sources also said there was scope for class actions and for companies reissuing credit cards to pursue Capital One for the associated costs, which would add to the loss tally.

Despite the Capital One and Marriott breaches generating large losses for the cyber market in quick succession, appetite to write the risk still remains strong. Even after the uptick in loss experience, premium rates are staying flat, although terms and conditions continue to widen.

Sources said the Marriott breach had led to a slight wariness of large US corporate cyber risks in London, with markets often choosing to offer up smaller line sizes than previously, but capacity is still plentiful.

AIG, Marsh, Axis, Brit and Sompo International declined to comment.

All other mentioned parties in this article did not respond to requests for comment at the time of publication.

We use cookies to provide a personalized site experience.
By continuing to use & browse the site you agree to our Privacy Policy.
I agree