Live Webinar 11/20: SMB Cyber Survival Guide 2025

A strategic approach to building a strong cyber excess tower

Coalition Active Cyber Excess Insurance

While the cyber insurance market is settling to some degree, there are still lingering challenges around capacity and availability. This creates an increasingly important place in the sub £1bn revenue business space for excess insurance.

As Coalition launches its excess offering in the UK, we wanted to share how brokers should consider a strategic approach to building a cyber insurance tower — a must at a time when the market is so diverse in its coverage, capacity, and risk management provision.  

Despite some providers seeking to reduce their risk exposure by lowering capacity or withdrawing from cyber insurance space altogether, the cost to a business of a cyber incident is not decreasing. Professional fees for incident services such as legal, breach response, crisis management, public relations, and IT remediation add up significantly, as does the financial impact of business interruption and reputation damage. And this is without considering the more direct costs of an incident, such as money lost to funds transfer fraud (FTF) or a ransom payment.

All of this means that an increasing number of businesses require higher liability limits than some insurance providers are able to offer. Building an Excess tower can solve this problem as long as consideration is given to some key areas particularly relevant to cyber insurance.

Underwriting is key

It’s essential to select excess insurance providers whose underwriters have considerable expertise in cyber risk and who have the tools to quickly and accurately evaluate and analyse your client’s exposures. Whether that’s through using automated digital risk assessments, or having an infrastructure built on a modern tech platform which enables experienced underwriters to understand risks faster.

Without an in-depth understanding of the array of coverages available in cyber policies, including nuances in wording, it may be difficult to assess the primary policy quickly and provide an accurate and fair quote.

Avoiding gaps in cyber cover

One reason why a broker’s role as an intermediary is so critical in the cyber insurance buying process is that a client’s understanding of what coverage they may need in the event of a cyber attack is unlikely to match the reality. Correctly interpreting an insurer’s policy wording could mean the difference between a claim covering a cost or not. So in the case of a tower, gaps in the primary can reverberate upwards.

As well as ensuring a comprehensive base level, brokers should be looking out for gaps in between layers. Is the excess insurer fully following form, or are there exclusions to look out for that don’t align with the primary? And clarity is important around when and how claims are triggered. This helps to ensure that the excess insurer is in a position to work with the other insurers’ teams to resolve the claim quickly and without additional legal intervention. 

For example, if the loss is greater than the primary limit, but the policyholder settles a portion of the claims cost for less than that limit with the primary insurer, is the excess insurer still contractually bound to pay for part of the claim?

Cyber Risk management

For most business insurance lines, risk management tends to run in parallel, the function often being provided by the client themselves or by third parties. Cyber insurance and risk management are intrinsically linked and as such, more and more insurers are offering services to help brokers and their clients mitigate their risk.

This can create a challenge for brokers when building an excess tower, especially when each insurer offers a different proposition for risk management services. Brokers must consider this and how these services complement each other for every layer, including the primary.

Creating a tower that adds the most value for clients in terms of cyber risk management is a top priority, so mapping this out from the start helps build the strongest tower. As long as the primary has the right coverage for the client’s needs, they don’t necessarily need to have the best cyber security support and resources if this can be provided through an excess layer.

Coalition, for example, will follow form on primary coverage. However, we still provide our risk management services, such as risk assessment reports, attack surface monitoring software, and expert in-house cybersecurity advice, to the policyholder regardless of our position in the tower.

Coalition as an excess partner

At Coalition we approach excess opportunities in the same way we do any client: by aiming to provide a fast, efficient underwriting service and coverage that adds value from day one. According to Head Risk Engineer, Stephen Wares:

“Coalition maintains a relentless focus on all aspects of the risk journey, from prevention to remediation and financial support. We are ideally positioned to provide a fast and efficient Excess service that supports brokers, while providing active insurance that adds significant value for the client.”

Our mission is to protect the unprotected, which means we want to give every client the tools to help them shield their business from cyber attacks. Whether we are the primary or the excess provider, every policyholder benefits from our cyber risk management services, backed by the knowledge and expertise of our incident response, claims, and cyber research and development teams.

If you’d like to learn more, visit our excess insurance page or connect with a member of our team through our Broker Enquiry Form.