Cyber insurance is here to stay, but the rapid pace of development of technology and other external factors mean that accurately predicting what the market and products will look like in 10 years’ time could be anyone’s guess.
This was the message from Shannan Fort (pictured), McGill & Partners partner – financial lines, cyber, who queried whether other lines came under quite so much scrutiny in their early years in an interview with Insurance Business.
“We spend quite a bit of time talking about whether or not this market is going anywhere, how it’s shaping up, whether or not this is a sustainable market, and I always think and wonder, did people talk about property in this way when it was 30 years old?” Fort said. “Did people talk about marine in this way when it was 30 years old?”
Cyber insurance may be a “novel concept” – AIG is often credited with debuting the first true cyber insurance policy back in 1997, while marine cover in some guise has existed for at least 100s of years – but for Fort it has proven its worth.
“It’s [a type of insurance] that is different from other lines of insurance in a variety of ways, but it has clearly been shown to be vital, useful, responsive, and important for a myriad of different companies in their overall strategy for managing this risk,” Fort said. “It’s absolutely here to stay.”
Cyber insurance may not be going anywhere, but knowing what the cover will look like in 10 years’ time is another matter, according to Fort.
“It’s going somewhere, what we struggle with is predicting exactly where that will be,” Fort said. “Just look at the last 10 years and new uses of technology, migration to the cloud [for example], that’s a very different environment than you know what we were talking about 15 to 20 years ago, so the underlying component of what this insurance is covering is continually evolving, and that means that what cyber looks like now is not what it’s going to look like in 10 years.”
Today, companies of all sizes have increasingly seen the benefit of having a cyber insurance policy in place and the global market’s direct premium written swelled to $13.5 billion (£10.6 billion), according to Insuramore analysis. Businesses do, though, have very different needs.
Insurtechs have done a good job of tapping into niches on the risk mitigation front for smaller to medium size enterprises (SMEs), Fort said, but the value proposition for a FTSE250 company, for example, needs to be markedly different.
“For those larger companies, sometimes it’s less about the service offering and more about the sense check, more about offering the CISOs [chief information security officers] and InfoSec [information security] directors the opportunity to support the work that they’re already doing and provide feedback where necessary,” Fort said. “What they don’t need is help in implementing EDR [endpoint detection and response].”
Gone are the days that IT and security leaders at companies felt like a cyber insurance recommendation could be an implication that they were not doing their jobs well enough (“we’ve moved well beyond that”, Fort said); however, clients do continue to weigh up the intricacies of their policies and are conscious of cost and cover.
“There’s still quite a focus on justifying the purchase, justifying the scope of cover, the limit, ensuring the functionality of cover when it would be needed,” Fort said.
Clients are increasingly looking for more data and quantitative information around support to demonstrate “why they’re purchasing what they are purchasing”.
“They’re looking for more innovative ways of providing that cover, as well as making sure that their risk is mitigated and managed but transferred in the most effective way with their alternative risk financing vehicles or alternative approaches to cover,” Fort said.
Fort joined McGill in 2020 having spent more than 13 years at Aon, latterly as the insurance giant’s global broking centre cyber product development leader.
The role of the broker has “absolutely changed” in her time in the market, according to Fort, and brokers are more critical than ever, particularly where it comes to policies like cyber that require a technological understanding and input from company stakeholders who may not normally be involved in the purchase of insurance.
Brokers are increasingly “pushing the market to do more” where it comes to addressing unique client needs and customising coverage, Fort said. Meanwhile, client expectations of their brokers have grown where it comes to cyber.
“That requirement for expertise, it is a mandate,” Fort said. “We absolutely do not want to get around it, it’s something that that our clients not only expect, but demand.”
Fort spoke with Insurance Business at the 2023 Airmic Conference in Manchester.
What are your predictions for cyber insurance over the next 10 years? Share your thoughts in the comments below.