Cyber insurance is many things: it’s emerging, it’s evolving, and it’s misunderstood. But, whatever else it is, it’s here to stay and the offerings are getting better by the day.
Insurance Business spoke to three experts in the cyber field to hear their views on the state of the current market, what the big risks are, and to try to envision what might happen next in this space.
Mike Palotay, chief underwriter at NAS Insurance
“I think from an insurance buyer perspective, the market has not been better, ever. Rates are coming down and the breadth of coverage is expanding rapidly… and most of your potential loss is covered by insurance,” he said.
“In a way, that is kind of concerning for the risk takers – there is certainly an increased frequency of attacks and some recent concerning large scale attacks, like Wannacry and Petya. Those have crystalized the risk takers’ view that aggregation is a real risk.”
Because cyber insurance is such a new product – unlike other threats, the internet didn’t really exist in the mainstream 20 years ago – it’s difficult to predict what might happen next in the market. Unlike other insurance products, there simply isn’t the same breadth and depth of “multi-decade actuarial tables” available.
Search and compare product listings for Cyber Insurance from specialty market providers here
So, figuring out what might happen in one, three, five, 10 years is “like the billion or trillion-dollar question,” Palotay said.
“I don’t have a crystal ball for what’s possible [but] I know what I fear the most from our book of business,” he said. “Our biggest risk from an aggregation perspective is from what we would call a dependent service provider, [for example] Amazon Web Services, or any other large server system. A lot of my insureds rely on that service being up in order to do business.
“That’s my biggest fear. It’s not Wannacry, it’s not Cryptolocker viruses, it’s not any of that. It’s when one of these huge [third party] providers, that I have thousands of policies relying upon, when that goes down for an extended period of time, it’s going to be a really bad day.”
Don’t miss our new cyber webinar on November 23
Steven Robinson, area president for technology and cyber at wholesale brokerage Risk Placement Services
“Cyber is still very much a developing market. It’s changing fairly rapidly. [But] there’s still lots of capacity … and no shortage of carriers who want to write this business,” Robinson said.
Perhaps unsurprisingly, it’s the same “fear” that Palotay referenced that also concerns Robinson. Aggregated risk from a massive server outage is the greatest threat in his opinion, also.
“Pricing, I would still say for the small business sector we’re still seeing it go down … and coverage expanded. I think we’re going to find the bottom there,” he noted. “And I think what is going to cause the market to harden will be … aggregated risk – when we start to see losses by cloud providers or IT service providers that service a wide array of the marketplace. One breach at a central point would have a horizontal effect on the market and you will start that [pricing] creep up a bit. We haven’t seen that really yet but I think it’s inevitable.”
In terms of current analysis of the retail agency space, as a more immediate risk to market reputation, Robinson said that what is on offer from carriers is complex and inconsistent – making it difficult to understand and sell without advanced understanding.
“There is still a lot of disparity in the market between what’s covered and what isn’t, what things are called, definitions and exclusions, terms. It’s very intricate. It really does call for [someone like a wholesale broker] really knowing that space, or a retail agent really having knowledge of it, otherwise you stand to sell a product that isn’t going to cover at all what your client thinks it is.”
Brook Dutcher, underwriting manager for technology and cyber at Tokio Marine HCC’s professional lines group
“The market is constantly evolving, it’s highly competitive, [and] there’s more capacity in the marketplace than I think people realize,” Dutcher said.
He added that the nature of coverage appears to be changing, for the better – enabling more and better products.
“The nature of the coverage and even the nature of the regulatory environment has predominantly been reactionary. [But] we’re moving more, I think, from a reactionary posture into more of a proactive, more accommodating stance with the nature of emerging exposure.”
Crystal ball-gazing, looking ahead at what might be, Dutcher anticipated even further development of, and incorporation of, cyber modelling.
While it is happening already, there is room for further innovation to help make the cyber market even stronger, as well as helping actuaries and underwriters offer more tailored sector and individual products.
“In the context of, you know, cat modelling for hurricanes, and even considering something like telematics like it’s used in the automotive industry, I think being able to quantify risk and exposure, moving in to the underwriting process in cyber risk …these are tools that were not at our disposable six or seven years ago,” he said. “All of these things help us … [to] find a more relevant value to what that risk transfer looks like.”
Do you have an issue you wish to discuss or see featured in our market analysis section? Reach out to Sam Boyer now – [email protected]
Related stories:
Burns & Wilcox launches cyber extortion product, expands to Western Canada
SMEs are at high risk of cyber breach - Chubb