Coalition CEO and founder Joshua Motta called on the industry to rethink its approach to cyber insurance as new risks come into play.
“We need a new type of cyber insurance, a new category of insurance, as the traditional insurance approach is clearly not working,” Motta said at the Marsh McLennan Rising Professionals' Forum.
Motta highlighted data indicating that fewer than 1 million organizations have standalone cyber insurance policies out of a potential market of approximately 60 million companies across the US and EU.
Addressing recent rate fluctuations in the cyber market, he remarked that “typically, when we see rollercoasters like this in insurance, it suggests that the participants don't know what they're doing – which might actually be a valid criticism.”
With the US cyber insurance market forecasted to reach $50 billion in the coming years, Motta posed the question: “How do we get there from where we are today?”
His solution is the adoption of an active cyber approach. Motta noted that nobody wants to go on “this rollercoaster anymore,” and as such active insurance is the answer.
Motta discussed the significant transformation in the business landscape due to the digital revolution, noting that business assets have shifted from being predominantly tangible in 1975 to almost exclusively intangible today.
Despite this shift, he observed that “most organizations continue to protect themselves the same way they did in 1975."
He outlined the standard risk management approach of “accept, mitigate, or transfer,” noting that "the amount of cyber risk organizations today are accepting is enormous.”
“They are almost completely unprepared and do not have the balance sheets, in some cases, to survive a cyber event,” he said.
Motta also asserted that the insurance sector struggles to adapt to this digital business environment.
“Most of the P&C industry is focused on the byproducts of the last industrial revolution. That's how the industry evolved, covering mostly tangible things from fairly well-understood perils,” he said.
Digital transformation, he added, “has made the world we once knew completely unrecognizable.”
“And yet the world of insurance remains totally recognizable. In my humble opinion, you can't underwrite – much less manage – cyber risk in the same way as traditional insurance risk.”
Motta also disputed the notion that there is insufficient data to underwrite cyber risk and understand aggregation potential.
“There has never been more data to interpret cyber risk, to underwrite how it aggregates than there is today. It's just that most insurers don't have it, and certainly don't use it,” he said. “Cyber risk can be quantified, it can be predicted, and it can be actively managed. We don't have to wait around like a traditional insurance company for a claim to be filed, we can actually go out and do something about it.”
Active insurance, as described by Motta, involves assessing an organization's vulnerability to cyberattack and proactively addressing those vulnerabilities to prevent digital attacks. By monitoring live data, it ensures immediate action is taken to contain and limit the impact of any incident.
This approach creates a deeper and more dynamic relationship between insurer and insured.
“In the case of Coalition, I believe in probably 99% of cases, when a customer applies for cyber insurance with us, we know more about their cyber risk than they do,” Motta said.
“Generally, it's the buyer of insurance that knows more than the seller. The best insurance companies in the world have been those that can avoid being adversely selected against. However, if you can reverse that information asymmetry, you can do something very rare in insurance, which is positively select for risk,” he said.
What are your thoughts on this story? Please feel free to share your comments below.
