Insurers, Tech Firms Struggle to Keep Pace with Cyber Risks
Despite progress, carriers are still falling short in how they approach cyber insurance and also how they cover events when they happen.
How can this be? The unique makeup of cyber risks continues to hold them back, according to experts who spoke on Sept. 24 during a panel discussion at InsureTech Connect in Las Vegas.
“The thing with cyber is it’s not predictable. It doesn’t respect geographic boundaries. Cyber risk happening in Europe could also be happening at the same time in the U.S.,” noted Siobhan O’Brien, a panelist and head of Guy Carpenter’s Cyber Centre of Excellence for International and Global Specialties. “It can hit every type of business at the same time.”
Keith Moore, a panelist and CEO of online insurance comparison shopping platform CoverHound and CyberPolicy, a subsidiary that helps users buy cyber insurance, acknowledged the challenges that remain.
“We feel that cyber [insurance] is the first borderless product,” Moore said. “It’s very difficult to predict who is going to be impacted and when they are going to be impacted.”
Rotem Iram is co-founder and CEO of At-Bay, a cyber insurance managing general underwriter and insurtech startup. Speaking on the panel, Iram noted “it is a lot harder to predict cyber but also to react in the time frames that are required.”
Panelist Pascale Millaire, CEO of cyber analytics firm CyberCube, said that the cyber insurance market remains positive for carriers, arguably producing some of the most favorable attritional loss ratios out there. He noted, however, that the full picture of the risk landscape hasn’t yet become clear.
“In terms of building a strategical capability within your insurer, [there are] long-term strategic advantages of being in the cyber insurance business,” Millaire said. “The ‘but’ comes in when it comes to potential for catastrophic cyber aggregation accumulation from events that haven’t happened before…Underwriting profits in recent years don’t tell the full story.”
Cyber insurance continues to move forward despite the fast-shifting risks in the sector. One reason: Customers are looking much more closely at their coverage to make sure they are covered under existing, older policies in order to keep up. They’re increasingly much more aware of their needs as cyber coverage becomes necessary, O’Brien said.
“For example, direct retail clients previously believing they had coverage for cyber are now clearer about the intent of their policies and therefore are looking for alternative” options such as cyber-specific policies, she added.
Millaire said cyber is a transformative risk. “We are just at the tip of the iceberg today” in terms of what those risks will impact in an Internet-connected world.
Iram agreed, pointing out that he sees cyber risks as an opportunity for insurers to lead the way toward better understanding and risk management.
“Insurance has a chance [to set the terms for cyber risks] because of its vantage point. Insurance is very credible in guiding business in terms of what matters,” he said.
Iram added that carriers can be “market standard setters” and that underwriters can and should lead these efforts.
Panelist Michael Reitblat, co-founder and CEO of Forter, disagreed. Forter is an insurtech designed to provide a fraud-free payment environment for online transactions, and he said that tech companies can and should set the tone for addressing cyber risks.
“In my view, it may be a bigger opportunity for technology providers of cyber solutions to do what they do,” he said.
Iram, on the other hand, pointed to brokers as key for the evolution of cyber insurance and cybersecurity.
“We can be smart, but large clients will never buy without a broker, and [those brokers] need to be comfortable with what they’re selling,” he said. “This needs to make sense with the broker [and client] and needs to make sense within the framework of selling an insurance policy.”
O’Brien, a former broker, said cyber insurance will have a smoother transformation if the industry is more nimble and better able to talk to retail clients in order to fully understand their cyber exposures and risk management measures in place. She pointed out that these skills go beyond what traditional brokers have done.
“It’s not what a traditional broker can do,” she said. “You can never look backward with cyber. You always have to look forward and try and think [about the next potential risk]. That requires technology companies. That requires AI and cybersecurity companies all working together to help underwriters write with greater credibility and greater profitability.”
One change in the cyber insurance climate needs to come from agents, according to Moore.
“Cyber is undersold right now because agents and brokers sell it like they do every other line,” Moore said. “It’s not just standalone paper you are handing somebody.”
Cyber insurance five years from now will be increasingly handled by large carriers that create “towers for large enterprise risks” with various tools and technology to aid their efforts, Moore predicted. He also expressed hope that there will be much more education among businesses large and small about how to mitigate cyber risk.
“A lot more education has to happen in the next five years or we are all in a world of hurt,” he said.
Iram envisioned much more carving out of cyber P/C insurance risks from other lines and risk becoming primarily digital.
Millaire said he hoped insurers will swoop in to take advantage of the opportunities created by the evolving landscape of cyber risks.
“Almost every line of cover is being transformed by cyber risks and Internet-connected risks,” he said. “It will mean that cyber is not a niche topic…that it really is risk in the 21st century.”
Reitblat said he sees the future of cyber as one of consolidation from all sides.
“I expect consolidations between insurers and [technology companies], I’m not sure from which end,” he said, noting the future will involve carriers having the “ability to control risk rather than just underwrite.”
O’Brien expects the future to include a few new developments, such as the current $4 billion cyber premium base growing up to 3-times its current level. She also predicts carriers will become technology platforms so they can better sell and service cyber insurance and that technology companies in the space will morph in form closer to insurers.
Cyber insurance will also trump any other corporate coverage, O’Brien said.
“Cyber risk in five years will be the top risk of every company,” she added.