The honeymoon is over. Cyber insurance in the last twenty years has emerged from humble beginnings into an increasingly commonplace and necessary purchase for commercial organisations. Cyber is by any measure still a drop in the ocean of overall insurance premiums, but it will continue to grow. As with any emerging product or service, the naysayers weighed in on several fronts. We are past that now but the question remains, what is the price of that risk?
A global pandemic in a digital age has in many ways exacerbated the issues, but cyber-attacks were already increasing in frequency and severity long before Covid-19. We are all well accustomed to making our physical business operations safe and secure but, is the same true of our remote business operations? Experience leads us to conclude otherwise. Insurance can often and quite rightly be maligned for its deficiencies, but the insurance market also drives improvements in risk management. If you can’t insure a house without a lock on the door, why should it be any different for intangible assets?
As cyber-attacks increase, and insurers catch up, an immediate action for many will be to increase prices, restrict cover and only insure certain types of business or those with particular risk characteristics. But this is a short term and unsustainable solution, where instead of growing, cyber insurance could start to stagnate. Longer-term a more considered reaction will be required. As the cyber threat facing businesses grows, could a product be developed to provide coverage for first and third-party losses, with specialised products for some of its current broad constituent parts?
For underwriters, insurers, MGA’s and brokers, data quality, quantity, relevance, and accessibility is essential to drive key decisions that will shape the design, and ultimately the price, of cyber risk coverage. Integration with analytics providers and other third-party experts is part of a new, data-driven ecosystem that delivers essential intelligence. This, in combination with emerging fields of data science, allows data to be structured to build models and projections with increasing degrees of statistical confidence. Underwriters must progressively engage with big data projects, overlaying analytics and specialist insight to assist human interpretation. This data-driven decision making deepens and augments underwriting processes to facilitate a far better understanding of risk management within any portfolio, not just cyber.
The recent SolarWinds hack, which one Microsoft executive reportedly called a moment of reckoning for the entire security industry, served as a reminder that the threat of aggregation risks, while not new, remain very real. Aggregation risk is likely to grow as businesses across all sectors look to increasingly connect and share data with other businesses for a variety of benefits. This underlines how critical it is that underwriters have high quality, reliable datasets and the ability to convert that into intelligence capable of driving underwriting decisions.
As the variants of cyber risk continue to morph, the big question is what is the true price of cyber insurance?
Collectively, the combination of issues currently facing insurers amounts to a moment of truth for cyber insurance. However, in such adversity there is also tremendous opportunity. Insurance, perhaps more so than many other industries, has always been challenged to innovate and rarely has there been a greater need or a better opportunity to do so than now.
Current and emerging cyber threats will seriously test our metal in that regard. Those insurers, MGA’s and brokers that do not innovate, are slow to adapt and remain static are unlikely to survive in this class. Future success will belong to those that respond to the urgent need for innovation and change now, and do so as part of a data-driven ecosystem that makes the intangible intelligible for the benefit of their policyholders, capital backers, capacity partners and shareholders.