“We believe cyber is the most pervasive risk in society today.”
Shawn Ram (pictured), head of insurance for Coalition, the active insurance provider, believes that the task of understanding systemic cyber risk exposures was never going to be a simple one – not least given the rapidly evolving nature of cyber risk.
It's easy to understand how the cyber understanding gap emerged when you think about how digital transformation is evolving economic growth globally. Ram highlighted the shift in society that has happened since the 1980s when the S&P 500 assets class was dominated by tangible assets. It has moved from buildings and machinery, to the variety of things that make up intangible assets – among them digital assets, brand and reputation.
“Clearly the digital revolution has caused this risk profile to increase in a material way,” he said.
“So, being able to collect and present that data in a way that allows cedants to frame their portfolio according to their objectives and to drive down loss ratios to increase profitability, those are the unique aspects where a reinsurer can truly assist a cedant in accomplishing their goals.”
Touching on how limitations in accessing the right cyber data and modellng have impacted the re/insurance industry to date, Ram highlighted the ‘material challenge’ that is the variation around what constitutes systemic cyber risk. “If I take a lot at my property portfolio and I evaluate a 10-mile radius in a significant cat-related zone, I can come up with some pretty specific calculations depending on where I am in the world,” he said. “But in cyber, the variance between one belief and another could be literally billions of dollars.”
Cyber cedants around the world are aware of and concerned about this knowledge gap, he said. As a result, they’re looking for the data that will justify any decisions they take around cyber coverage. Being able to actually understand cyber risk at the individual technology level is key because that’s how you can work out where the risks and vulnerabilities are and where you’re the most exposed.
“Much of our world in insurance is built around industry segmentation and around client size,” he said. “But there's a lot of limitations to those topics as it pertains to cyber. Cyber is far more dependent upon the technologies that are being utilized, how they're configured, how often you update and backup, etc. than what industry you're in.
“It's very possible for small companies to have significantly more cyber-related risk at times than larger companies. So, some of the ways in which our industry has been founded on the models just apply very differently to cyber. We think about stochastic modeling in most areas of insurance, but cyber operates differently.”
Embracing that differentiation will be key to the industry’s success.
