When James Berry (pictured) first joined the cyber insurance market in 2010, there was a question mark over the long-term viability of the burgeoning product line. The chief claims officer for Corvus Insurance highlighted how cyber overcame the initial “fear factor” that it would be consumed by other lines of business by demonstrating its ability to deliver a real value proposition to customers in the face of rapidly growing cyber exposures.
The proliferation of technology and its impact on how people live and work has moved the dial on cyber risk conversations, he said, while widely publicised global incidents have sharpened the focus of companies operating in the mid-size SME space, all the way up to large corporates. The exposures at the heart of cyber risk have grown exponentially in the last 10-15 years – and the challenge facing the market has been how to adapt to these to provide a tangible and timely offering.
“As cyberattacks have become more widespread and more public, we’ve seen the breaking down of some of the barriers around understanding what cyber is and what it’s supposed to do,” Berry said. “Where cyber has come into its own is when it has responded to these events and provided coverage and support, and enabled businesses to operate through some of their worst moments. That’s what has solidified the need for cyber which I don’t think will ever go away.
“I can’t foresee a time when a cyber insurance policy will not be needed. Because, what we’ve seen is that as fast as we develop and grow, there are always going to be [threat actors] who are one step ahead of the game because they don’t have the burden of playing by the rulebook… And it’s the method of choice for criminals now because you don’t have to put on your stripy sweater and your Zorro mask and go into the bank with a gun anymore. This is where we are.”
Given the rapid evolution of the cyber threat landscape, Berry underscored the responsibility cyber insurers have to be market leaders in recognising and mitigating emerging threats. There are two core components to this, he said, the first is insurers bringing their experience of risk and insurance to bear, while the second is about analysing where cyber-as-a-service fits in with their value proposition.
Cyber insurance shouldn’t be limited to just responding to an event, he said, but rather provide a pre, during and post-event service. Whether it’s outreach services, scanning technology or trends insights, cyber needs to operate as an outreach service to insurance buyers and go above and beyond providing risk transfer to offer proactive support and risk mitigation.
Assessing the demand for more proactive cyber solutions, he highlighted that different clients have very different mindsets when it comes to understanding and acting on their cyber exposures. The task at hand for Corvus, now part of Travelers Insurance, and other market players is creating a bespoke response to buyers’ needs, wants and wishes. Key to doing so is working in close collaboration with the broking community, who operate on the front-line of understanding their clients’ requirements.
“Another area where cyber plays a role is in trying to help mould regulation and lawmaking,” Berry said. “A big challenge that we’re seeing with how technology isn’t being used – and privacy tied into that – is that it’s developing faster than the law is being rewritten. Across the globe, there’s a vast change of regulation coming into play across different jurisdictions at different times.
“With that, new laws need to be written or updated to adhere to the way we now utilise technology. And the current way privacy laws are structured needs to be updated to mitigate the exposures faced by the general population to these threats. Cyber insurance should be there to advise, provide insights and help mould these new regulations in line with what’s actually happening on the ground.”
Having served the cyber market for almost a decade and a half now, Berry has developed a keen sense of what constitutes a successful cyber claims offering. Integral to this is having an experienced team, he said, as it’s this experience that allows you to provide empathetic and well-informed information to clients at a time when they’re under significant stress.
Essentially, he said, cyber insurance comes down to crisis management and there is no uniform response in terms of how an insured reacts to a crisis. Therefore, the insurer needs to act as a true partner, providing the voice of reason and experience and operating as a guiding hand through what may well be the worst days in somebody’s career, depending on the nature and severity of the event.
“That experience factor is crucial,” he said. “And it all comes down to the ability to be approachable, to work in partnership with the broker and the client to help them understand that there are different routes and different speeds to reaching the end conclusion of an incident. You need to have all of those elements mixed together and you need access to the best services and the best vendors to respond to the event at hand and deliver the best possible conclusion.”
