Captives Writing Cyber Liability Insurance Grows 95%

01 August 2019

The number of captive insurance companies writing cyber liability insurance continues to grow at a rapid pace, as large companies use their captives to support innovation in technology and business models.

The number of captives writing cyber liability coverage over the past five years has grown by 95%, according to Marsh’s The Captive Landscape: Securing Your Future With a Captive report. Captives writing cyber liability increased by 15% in 2018, having already grown 10% in 2017, 19% in 2016, and 30% in 2015.

Some companies are already using captives to tackle emerging cyber and technology risks through advanced analytics, and to fill gaps that commercial insurance does not address, according to the report.

Cyber was said to be a growth area for captives across most sectors including; financial institutions, health care, retail/wholesale, manufacturing, and communications, media & technology.

Emerging Risks

New technology risk is expected to be a growth area for captives, according to a recent Excellence in Risk Management survey published by Marsh and RIMS. Captives have proven to be effective in financing self-retained losses, providing their owners with flexible options to finance emerging and high-severity risks, such as cyber liability and terrorism.

More than half of survey respondents said they plan to write additional exposures using their captive in the coming years.

For example, health care companies could use captives to provide solutions for emerging cyber risks, such as the internet of medical things, while manufacturing firms could use captives to cover risks arising from autonomous vehicles, smart factories, and 3D printing.

Captives Writing Cyber Liability Insurance Grows 95%Captives in the energy, food and financial services sectors could use their captives to facilitate cover for risks associated with emerging technologies such as; blockchain, artificial intelligence and the internet of things.

Emerging technology can create new risks to insure, according to the report. For example, distributed ledger technology, such as blockchain, enables multiple parties to record ownership of assets, without any single party being able to change or tamper with the records.

Registering data on a blockchain essentially creates a digital asset in a process known as “tokenisation”.

As blockchain is a new technology and loss exposures are not yet well understood, the commercial insurance marketplace finds “tokenised assets” difficult to insure. However, there is an opportunity for captives to offer tailored coverage for blockchain risks.

Cyber Terrorism

Captives can provide cover for other difficult-to-insure risks, such as cyber terrorism. Whether a cyber incident compromises internal or customer-facing systems – or an act of cyber terrorism shuts down an organisation – a captive can provide valuable financial protection alone or in combination with commercial insurance.

Cybe Decoder Survey banner

Captives can also be used to access cyber terrorism insurance offered by state-backed terrorism facilities. For example, US captives accessing the Terrorism Risk Insurance Program Reauthorization Act for property can also buy cover for cyber terrorism events, if they are certified by the Secretary of the US Treasury, pursuant to TRIPRA.

In the UK, captives can buy property damage cyber terrorism cover from Pool Re, the country’s state-supported terrorism reinsurer.

CIO Tool

The advantages of a captive can be aligned with internal stakeholders’ objectives, including the Chief Information Officer (CIO) or Chief Technology Officer (CTO). For example, capital and surplus from a captive can fund analytics and cyber risk assessment services to enhance data security.

Captives can also enhance data collection on cyber risks, and facilitate risk-data sharing across an organisation to inform business decisions.




  • Sarah StephensSarah Stephens

    As part of Marsh JLT Specialty's London-based Financial Lines Group, Sarah and her team work both directly with our clients and with network colleagues and independent partners to make sense of cyber, technology, and media E&O (PI) risks and create leading edge bespoke insurance solutions in the London market.

    Prior, Sarah spent 12 years with Aon in a variety of roles. Her last role at Aon was Head of Cyber & Commercial E&O for the Europe, Middle East, and Africa (EMEA) Region, working with colleagues across business groups and clients in the region to identify, analyse, and drive awareness of cyber risks, exposures, and both insurance and non-insurance solutions.

    Previously, Sarah spent seven years with Aon’s US Cyber and Errors & Omissions practice group thinking nonstop about cyber insurance way before it was cool. Her first four years at Aon were spent in the Account Management group working with large clients and developing a keen eye for excellent client service.

    For further information or to learn more about cyber insurance, contact Sarah Stephens, Head of Cyber, on +44 (0)20 8108 9541.

  • For more articles like this, download our Cyber Decoder

    Share this article

  • Get everything you need, delivered straight to your inbox.

    Sign up to receive our latest news and insights here.


Services provided in the United Kingdom by Marsh JLT Specialty, a trading name of Marsh Ltd and JLT Specialty Limited (together “MMC”). Marsh Ltd is authorised and regulated by the Financial Conduct Authority for General Insurance Distribution and Credit Broking (Firm Reference No. 307511). JLT Specialty Ltd is a Lloyd’s Broker, authorised and regulated by the Financial Conduct Authority for General Insurance Distribution and Credit Broking (Firm Reference No. 310428).

This is not legal advice and is intended only to highlight general issues relating to its subject matter. Whilst every effort has been made to ensure the accuracy of the content of this document, no MMC entity accepts any responsibility for any error, or omission or deficiency. The information contained within this document may not be reproduced. If you are interested in utilising the services of MMC you may be required by/under your local regulatory regime to utilise the services of a local insurance intermediary in your territory to export insurance and (re)insurance to us unless you have an exemption and should take advice in this regard.