M&A Roundtable: Quarterly Report - Part 1

Intro (00:01):
You are listening to the Alliant M&A Roundtable, providing insights and expertise on the unique risk management needs associated with private equity firms. Here is your host, Jonathan Gilbert.

Jonathan Gilbert (00:20):
Thanks everyone for joining another M&A series podcast. What we wanted to do is share a little bit of what we're seeing in the property casualty management liability and cyber insurance marketplace, as it relates to private equity-owned companies, Alliant M&A has a large presence in the private equity community and has a finger on the pulse of what's going on in the market. We've thought that we’d share that all with you. To start with, we're going to turn to Bobby Horn, who's the leader of our cyber practice at Alliant and works on a lot of private equity-owned companies. Just to understand a little bit about what's going on in the cyber world. Certainly, you can't open a newspaper or turn on the news without some mention a cyber, a cyber-attack, a cyber incident, or even in some cases, how that's affected the insurance markets. So, Bobby, just why don't, if you can give us a quick overview on the current state of the market, what private equity owned companies are experiencing different from last quarter or last year, that would be great.

Bobby Horn (01:15):
Yeah. Thanks, John, and thanks for having me on. Yeah, as you mentioned, right, I mean, it's certainly, everywhere in the news, whether it's large manufacturers, retailers, meat distributors, oil and gas industries, Colonial Pipeline was one of the big ones earlier this year, and then just yesterday, T-Mobile just came through, that they had a large breach of their network. So certainly, we're seeing it with all industry classes. No one has been immune to the kind of issues in the cyber marketplace. And as a result of all of these claims, all these breaches, the market has really firmed up a lot over the last 12 months. I think we started to see that change in the second half of 2020, and then really took off in December of 2020, and then certainly in the beginning of this year, through the current market right now, and there's been a real focus on controls, right?

While there was always an application process involved in getting quotes for cyber, it was pretty much just check the box, underwriters reviewed it and offered quotes and limits and very competitive retentions premiums and very broad coverage. What we're seeing now is hyper focus on those cyber security controls. So, things like multifactor authentication, uses of backups and endpoint detection, response tools. Those are really key controls that underwriters are looking at these days, that without them, it's very hard to get terms, not even for new business, but also for renewals. We're seeing carriers outright non-renew clients that don't have things like multifactor authentication in place. Probably the biggest hurdle we've had this this year is making sure that they're aware of what carriers are looking for from a control standpoint. And also just: Hey, look, we're seeing large increases, not only in premium, but retentions and the waiting period element, which is an extension of the business interruption side.

So, it's been certainly the hardest market that this product has seen in probably it's 20 years of being around, and I don't see changing through the end of the year. If anything, we're probably going to experience even more difficulties just as carriers pull back on capacity and in some cases, just not running new business at all. We're seeing some carriers, mostly in the London market, pretty much are pencils down at this point, because of the increases they're getting on the renewal book. They have met their capital requirements for new business. So, they don't have to write any new business anymore, which is very difficult at the end of the year, right, when you've got a lot of new business still coming in and you have renewal programs with big limits, it's giving a challenge to get some of our clients the covers that they have, or they need going forward.

Jonathan Gilbert (03:39):
You know, as we talk to private equity firms and sort of help them prepare their portfolio companies for upcoming renewals or frankly just managing cyber risk, what do we recommend they do from a risk control standpoint, use sort of an insurance term, to make sure that they're in the best spot. Is it diagnostic review and corrective action? What would you sort of to our private clients as you do every day?

Bobby Horn (04:02):
Yeah. So exactly that, right. It's a diagnostic of your controls right now. And we partner with several firms and vendors as you know, John, to work with our portfolio clients to make sure that they have these controls in place, at least by renewal. And if not by renewal, sometime close to that. We actually put together a best practice worksheet for our clients. It shows kind of the baseline controls that they need to have in place, and then things that are a little bit better and then, obviously, the best practices. So, we've been sharing that with our portfolio clients, so that they're aware of what the underwriters are looking for from a control standpoint. And we've seen that those clients that are able to implement those controls are the beneficiary of better terms conditions. That's not to say they're not getting them decreases on their premiums, but at least they're on the lower end of the increase that we're seeing compared to those clients that don't have those controls in place. So, really making sure that we're getting ahead of it and making sure that they understand exactly what they need to have in place.

Jonathan Gilbert (04:55):
And that makes a lot of sense, you know, just touching on rate, as you just did, what do you see as the average sort of increase for companies in the third quarter that we're in right now?

Bobby Horn (05:04):
Yeah, we actually just released or are in the process of releasing our midyear review. On average, we're seeing 50% to 60% increases in premium for our clients. And that's obviously on the low end, you know, our healthcare clients, we're seeing anywhere between 100% and 150% increases in premium, somewhere in the middle, I think is what we can probably expect for the end of the year. Again, it's going to come down to those controls. If you have good controls in place, you'll be on the lower end of that spectrum. And then the other thing to take into consideration are the increases in retention. Certainly, carriers want to see clients have more skin in the game. So, the days of a $5 million limit with a $25k retention are gone, right? They're seeing minimum $50k - $100k retentions for those 5 million limits. And also, important to point out too, right? We're not seeing too many carriers willing to keep putting up $10 million limits, unless we're talking about large national type accounts, but for our small, you know, middle market sub billion revenue companies, $5 million is pretty much the cap from a limited perspective.

Jonathan Gilbert (06:03):
In terms of claims experience - and I know you and I have had a number of portfolio companies that have been affected with cyber incidents, whether it's the various third party attacking the system or something else. What have you seen in terms of losses? To me, it seems as though costs continue to escalate and exceed, in some cases, the limits that are in place are the policies. I think it's catching everyone a little bit by surprise what what's your sort of thought there.

Bobby Horn (06:27):
Yeah. And it varies with each client, right? So, we we've had clients where they had a large ransomware demand that the decision between the private equity sponsor and a port for oil company was to not pay it, right. It was just not in their interest to pay that demand. And so, they decided to rebuild from backups. And in that case, you know, they didn't have a sufficient limit. Just, it was a decision that was made when we banned the renewal that they wanted to go with this lower limit. And unfortunately, even without paying the extortion demand, the business interruption loss exceeded the aggregate limit that they had in the policy. And that's what we're seeing a lot of. Right. I think people tend to forget when they think of ransomware, they think of just the extortion payment, but more often than not the loss on the business eruption side exceeds the actual extortion payment demand. And that's something that we need to take into consideration with our clients and say, you know, when we're going through that process of buying coverage, if you were down for what kind of loss would that be for you from a business income standpoint and making sure they understand that if you do decide to not pay demand, you know, how long can you be out and what, what is that financial impact going to be to your company?

Jonathan Gilbert (07:28):
That's great. Bobby, I think just to kind of sum up, you know, really, I think the key is for private firms to take an interest in the cyber insurance renewal at the portfolio company, because there will be changes and there will be a cost increase. So, you know, start early, and embrace for impact cause the increase is happening and there's a lot of things that need to be addressed, you know, well in advance of the renewal, particularly any deficiencies and controls, any education matters, things like that. So, thanks Bobby, appreciate your time. Well, thank you all for listening today. Appreciate you taking the time to listen to a line M&A a quarterly update on the state of the market. We work with private equity firms, nationwide and hundreds of portfolio companies. So, I appreciate you taking time to listen to what we see is going on in the marketplace.