Wipfli logo
Insights - Articles, Blogs and on-demand webcasts

Articles & E-Books


Captive insurance may be the solution amid rising cyber claims

Jun 12, 2022

The growing prevalence of cyberattacks not only threatens the core functioning and reputation of your organization but also jeopardizes your ability to purchase the very insurance you need to reduce those risks.

Ransomware attacks against corporations were up 323% from 2019 through 2021, according to a recent Aon report. The reality of more employees and contractors working from home makes systems and networks more vulnerable to cyberattacks, which is exacerbating overall risk.

The result is more claims and more damages paid by insurance companies, which has led to sharp increases in premium pricing and tighter underwriting — and that has made needed coverage harder to obtain.

Insuring cyber liabilities through a captive

Rather than trying to negotiate feasible coverage through a commercial insurance provider in these difficult circumstances, risk managers may find that captive insurance is a better option for managing cyber risk.

Your organization can effectively create its own insurance company within its existing structure to provide insurance to noninsurance entities of the organization. It underwrites the risk for the operating subsidiaries of the parent company. It can function either in lieu of or in addition to commercially written coverage on certain risks and liabilities like those posed by cyberattacks.

The financial advantages of a capture plan are significant. Insurance costs are likely to drop by avoiding the commercial insurance company’s overhead and profit costs. Assets of the organization that back the reserves for unpaid claims are held in the captive, and they can be invested in accordance with the organization’s investment strategy. A key tax benefit is that the investment income on those assets, earned via the captive, may not be subject to state income tax.

Benefits of captive insurance

Here is a rundown of other benefits of captive insurance:

  • Stabilized risk financing costs: Optimizing an organization’s risk retention through a captive potentially shields the parent from insurance market volatility.
  • Improved insurer purchasing power: Bundling the organization’s risk through one entity may improve its purchasing power. The organization can retain more risk than the sum of its individual subsidiaries without endangering its overall position.
  • Direct access to the reinsurance market: Reinsurance carriers may offer better rates, coverage or services. Access to reinsurance helps if a specific type of risk becomes uninsurable or prohibitively expensive.
  • Cycle management and independence: Retaining more risk provides the organization with greater independence from capacity constraints in the insurance market. Through the captive, the organization can choose how much risk to retain depending on market cycles.

Captive insurance companies are typically formed to meet the risk-management needs of the owners and members of an organization, providing financial, cash and tax benefits similar to those associated with closely held insurance companies.

Captive insurance provides immediate relief from cost pressures of skyrocketing premiums and builds a more self-sufficient funding dynamic that relies on accrued profits of the organization. They are currently in use by more than 90% of Fortune 1000 companies.

Setting up and maintaining a captive plan involves many considerations, including feasibility assessments, its proper structure, level of capitalization, in which state or country it should be domiciled, as well as investment and tax planning. 

How Wipfli can help

As complex and potentially less familiar insurance programs, captives create new challenges for businesses that decide to leverage them. Amid rising cyber threats that make commercial insurance more difficult to access, Wipfli professionals can help you determine whether creating a captive program makes sense for your organization. We can also review an existing captive plan and help you navigate any needed changes. Contact us to learn more.

Sign up to receive more cybersecurity content in your inbox, or continue reading on:


Gregory J. Domareki
View Profile