When it comes to insuring cyber risks, what is categorized as cyber and what the insurance market covers and faces in terms of risk and opportunities, is changing at lightning speed, making collaboration increasingly important. Insurance Business recently discussed the role of collaboration in cyber insurance with Dr Rachel Anne Carter (pictured), director of cyber at the Geneva Association (GA), a global think tank that seeks to fill strategic research gaps across the insurance and reinsurance sectors and on global risks and trends.
Carter has enjoyed a varied career in the insurance industry, including as an insurance consultant for the OECD, facilitating cyber innovation within the London Market and with the Realistic Disaster Scenario project through Cambridge University. She specializes in cyber, terrorism and cyber terrorism risks and has a deep-rooted understanding of the central challenges facing this sector and the importance of collaboration when it comes to these subjects. Insurers not only need to collaborate with each other, she outlined, but also with other sectors that understand the security and IT sides of cyber risk, or who have access to intelligence that helps promote ‘cyber hygiene,’ or behaviors that make customers safer.
Carter has found that the insurance industry is quite active when it comes to collaboration, though she believes that a core challenge facing the industry is the need to be innovative and forward thinking. Collaboration fundamentally comes down to sustainability, she said, and business approaches need to take into account not just short-term benefits but long-term sustainability for the entire market as well.
“I think the industry is constantly looking at what it can do to try and make cyber underwriting even more sustainable with this future-proofing in mind,” she said. “Ultimately, the more it can do with a full understanding of the risks involved, the more insurance and/or reinsurance it can write. This is a real opportunity for both insurers and society, linking closely to the motto of The Geneva Association, ‘Insurance for a Better World’.”
Collaboration has been an essential theme of The Geneva Association’s work on cyber, and the Association is responsible for several initiatives aimed at driving cooperation within the sector. Carter detailed how the GA recently created a business plan and concept proposal for a cyber incident data exchange repository (CIDER) to enable insurance and reinsurance companies to share data among themselves.
The Geneva Association’s Cyber programme, under Carter’s leadership, is now working on another initiative regarding cyber terrorism and cyber warfare: a collaboration with various organizations that cover terrorism and/or cyber terrorism, and which is operating under the auspices of the International Forum of Terrorism Risk (Re)Insurance (IFTRIP).
Carter explained, “IFTRIP is an organization which has cobbled together the various terrorism pools that exist globally, and they look at international issues and knowledge sharing. Because the issue of cyber terrorism and cyber warfare also encompasses security concerns, intelligence and governmental considerations, we thought [this partnership] would give us a good swathe of the industry and other key stakeholders.
“This initiative underlines the key benefits at the heart of collaboration,” she said, “with knowledge sharing mechanisms and workshops that allow insurers, reinsurers and the terrorism pool to discuss the big issues at the crux of cyber terrorism and cyber warfare.”
“At the last meeting, we had a cross-section of insurance skills in one room,” Carter outlined, “from actuaries to underwriters, CEOs, lawyers and data modellers… They came from Europe, Asia and the US, which is instrumental because while people often know what’s happening within their company or a particular market, they aren’t necessarily aware of how more localized cyber events are part of broader cyber trends. Knowing the global cyber landscape will help the market understand the development of risk types and threat capabilities and therefore model and assess potential aggregated or systemic losses and their impact.
“There is a lot of value added to collaboration, particularly with a risk like cyber,” Carter said. “Those involved thus far find a lot of value in hearing from other primary insurers and reinsurers what is happening in different jurisdictions and being exposed to different ideas. Having a broader knowledge set puts you in a better position to make judgments about your own risk.”
The traditional approach of the insurance industry is to be quite reactive to issues, she explained, and collaborative initiatives such as those carried out by the GA are an opportunity to be proactive when it comes to systemic problems such as cyber.
“Collectively enhancing our knowledge not only strengthens the industry and its partnerships with key stakeholders, but it also enables the industry to educate other interested parties,” Carter said. “Cyber is bigger than any one individual player or company or market, and the only way the sector can be stronger against its cyber adversaries is if it works together.”