Part two of two. Read the first part here.
Along with China opening up its insurance sector to more foreign participation, its cyber insurance sector will have to adapt in response to its massive exposure.
Insurance Business interviewed Brinton Scott (pictured), managing partner at Winston & Strawn LLP’s Shanghai representative office, and his team to gain knowledge on the legal and regulatory matters surrounding the massive shifts in China’s insurance industry.
Market ripe for expansion
According to Scott, there will be an influx of foreign insurers into China once the regulatory barriers are lessened.
“We anticipate that many foreign insurers will seek to increase their presence in China or enter the market for the first time,” he said. “This is due not only to the opening up of the insurance sector to foreign investment, but also to current market conditions. China is currently the world’s fastest growing insurance market, and its relatively low insurance density and penetration rates indicate ample room for continued growth.”
The changes in the regulatory environment are set to benefit foreign insurers, Scott said, due to several advantages they have over smaller, local players.
“Foreign insurers should have a competitive advantage in China’s new regulatory environment, due to their sophisticated product offerings, strong corporate governance and risk management expertise,” he said. “Foreign insurers are keen to enter, or expand in, China’s insurance market, which is growing rapidly. Indeed, a number of insurers have indicated their intention to do so.”
“China’s rapidly expanding middle class and aging population are currently underserved with respect to traditional protective insurance products, especially in insurance and life,” he said. “The entry or expansion of foreign insurers into this area should lead to increased competition and, ultimately, much better offerings for consumers.”
“We rate the prospects for a cyber insurance industry in China to be very strong because of China’s massive exposure to this risk and because of the rapidly evolving regulatory regime,” Scott said.
He revealed that in terms of exposure, the economic cost of cyberattacks in China is approximately US$60 billion per year, according to data from Allianz.
“[This] makes China second only to the United States (US$108 billion) in terms of its exposure,” he said. “As well, the threat of cyberattacks appears to be increasing and this has led Lloyd’s of London’s CEO to predict that worldwide cyber insurance premium income will double from 2017 levels by 2020. There is no reason to think that China would be exempt from this trend.”
Meanwhile, Scott predicts that changes in regulation will drive demand for cyber cover in China. However, the country’s cybersecurity law can pose a compliance burden for firms, and has met some opposition.
“The Cybersecurity Law of the People’s Republic of China, which came into force on June 01, 2017, imposes onerous obligations, including, for example, an obligation on network operators to immediately inform affected users and the relevant government department in the event of a breach. As such, we expect that it will spur strong cyber security insurance growth,” Scott said.
He added that it may be hard for insurance market participants (i.e., insurers, brokers, and agents) to comply with the requirements of the law, which apply to any organisation operating a computer network in China. These requirements include:
“The Cybersecurity Law requirement that has drawn the most attention is the prohibition on certain transferring personal information outside of China unless it is necessary for business purposes and the transferor has performed a security assessment. Consent of the user may also be required,” he said.
“At this point, [the law] limits the application of this requirement to operators of ‘critical information infrastructure’ and it is not yet certain whether this restriction applies to insurers,” Scott concluded. “To complicate matters further, on April 11, 2017 the Cyberspace Administration of China circulated draft Measures on Security Assessment for Cross-border Transfer of Personal Information and Critical Data, which would subject insurance market participants to this requirement. One way or another, we expect this point to be conclusively addressed in 2018.”