A panel at the WSIA Annual Marketplace in San Diego, hosted by AM Best, discussed the evolving cyber insurance landscape, focusing on a shift toward longer-tail claims.
The panel included David Blades, associate director at AM Best; Steve Robinson, national cyber practice leader for RPS; and Deuayne Crawford (pictured above), head of wholesale cyber and technology underwriting for AXA XL.
During the panel, Crawford highlighted new risks tied to unauthorized data collection, including the use of pixel technology without proper disclosure or consent, raising privacy and regulatory concerns. He also pointed to trends in artificial intelligence (AI) involving intellectual property infringement and privacy issues.
“We're looking at a lot of exposure related to third-party vendor risk. A lot of clients rely on a third party to do some sort of outsourced technology work, and that third-party vendor may have some issues, which will impact the client, which is not a fault of their own,” he said.
Blades expanded on AI-related risks, emphasizing that insurers are still exploring the full scope of these risks. He noted that while AI brings potential benefits, it also introduces new security challenges.
“I think from that perspective, cyber risk is still going to be fast-moving, and it's going to need the types of insurance solutions I think that surplus lines companies in particular can provide,” Blades said.
Robinson commented that AI reflects a broader trend in cyber insurance, where the focus has shifted from technology to a multidisciplinary issue involving legal, human resources, and marketing considerations.
“AI, more specifically, in pixel tracking and things like this, now the marketing team needs to be a part of the risk management team and they need to be coordinating their efforts,” Robinson said.
The panel also addressed the issue of unauthorized data collection, with Robinson clarifying that it mostly involves privacy concerns related to biometric data and website tracking, rather than deep fakes.
“Because then we construct a run afoul of certain privacy laws that really talk more about just the unauthorized release of private information but also how you use or store or capture or get rid of that data and that becomes important also,” he said.
Despite several high-profile cyber incidents in 2024, panelists noted that capacity and pricing remain favorable. Robinson said that while certain industries were significantly impacted by specific security breaches, the effects were less pronounced in the small and medium-sized enterprise (SME) sector.
“Also, it was something that could be remedied fairly quickly through manual, a lot of IT people staying up late at night and on a weekend doing work on that. It didn't have the reverberations through the market that maybe we initially feared,” Robinson said.
Blades emphasized the role of surplus lines in addressing cyber risks, explaining that these markets are well-suited to provide the necessary flexibility and specificity in coverage.
“I think surplus lines companies possess the required creativity and the tailored coverage that is specifically needed for cyber risks and other types of emerging risks, emerging technologies, especially for companies that are changing and adding to their technological capabilities,” he said.
Robinson echoed this sentiment, stating that cyber risks are dynamic and require a flexible approach from insurers. He mentioned that insurers are constantly exploring new coverage ideas to stay ahead of emerging risks and better serve clients.
What are your thoughts on this story? Please feel free to share your comments below.
