Sarah Stephens, Partner and Head of Cyber at JLT Specialty explores the current state of the cyber insurance market, what's working and what challenges companies need to tackle to emerge successful. Sarah will be presenting on this topic at InsurTech Rising Europe, September 11th in London.
In the current climate of the cyber insurance market, there are lots of opportunities for insurers to use the new technology available to create cyber risk profiles for their clients’ companies to help better assess their insurance needs. Technology start-ups are monetising their new products to assess cyber risk for businesses and help them utilise the tools available to them that complement the cyber insurance policies they have in place.
So how are insurers and start-ups targeting the cyber insurance market? We spoke to a few companies in this space to get their latest insight.
Boris Ćorović from JLT Specialty, a global risk adviser and insurance broker, believes that SaaS (software as a service) platforms, which dynamically assess insureds’ cyber security risks and benchmark them in order to affect the rating accuracy granted by their underwriter partners, appear to be the leading offering from technology start-ups. These platforms are offered by companies like SecurityScorecard and BitSight Technologies, whose business models hold collaboration with incumbent insurers at their core. He comments that: “This is a model that has attracted millions in investment from VC funds and shows real room for growth in the years to come.”
Coverage for cyber risks has never been broader, and it is now possible to purchase coverage for loss exposures that were previously unavailable in the market
Joshua Motta, from insurance-enabled technology firm Coalition, is impressed by the way insurers are adapting their coverage to respond to the growing risk exposures organisations face as they adopt more technology. Coverage for cyber risks has never been broader, and it is now possible to purchase coverage for loss exposures that were previously unavailable in the market - including coverage for property damage, bodily injury, computer replacement costs and funds transfer fraud. Joshua said: “This expansion has made cyber insurance of far greater relevance to organisations across all industries, instead of just those with overweight exposure to breaches of personally identifiable information (PII), or private health information (PHI).”
Cyber security consulting firm AXIO recently partnered with AIG to improve their insights through integration of underwriting tools like CrowdStrike and Darktrace data. CrowdStrike uses SaaS endpoint protection, while Darktrace uses artificial intelligence to identify and respond to cyber threats. Scott Kannry from AXIO feels that: “Insurers have done an incredibly good job at putting together comprehensive loss mitigation and remediation insurance solutions for businesses to satisfy their cyber response needs.” These solutions can be tailored to the standard needs of small and medium enterprises (SMEs) and simultaneously the more complex needs of larger businesses, depending on the capabilities of the insurer.
Scott goes on to add that “the other success of insurers is their development of an evolving product suite that delivers on its promises and consistently results in pay-outs for its customers. Cyber claims are paid by an overwhelming margin when the correct cover is in place.”
Cyber represents a growing risk for SMEs, but tapping into this market requires deep marketing budgets.
Given the rapid rise of the cyber insurance market, emerging players face a number of challenges. We asked our panel for their views on the key obstacles.
Boris Ćorović from JLT Specialty talks about the initial challenge of credibility for more ambitious start-ups like Coalition. Cyber represents a growing risk for SMEs, but tapping into this market requires deep marketing budgets. The challenge for Coalition and other technology start-ups is how to “win the trust of their prospects with no reputed depth of experience to draw from.”
Sidd Gavirneni, CEO of tech-enabled insurer Zeguro, mentions the roadblock of distribution to SMEs: "Data is critical to insurance, and the only way to get data is to be great at distribution. So far, most insurers and start-ups in the cyber insurance market have done a great job at distributing to large enterprises and getting insights about their security postures. However, the next big challenge will be to do the same in the SME segment”. He adds that collecting data at the SME level will “provide a virtuous cycle in which these smaller businesses see enough value to increase adoption, get an X-ray of their security posture to gain better insight, and make it work for the current distribution channel's economics."
Joshua Motta from Coalition highlights the growing importance of prudent underwriting, as coverage expands and competition increases. He goes on to say: “As the information basis for underwriting cyber insurance remains illusory, those insurers or start-ups that are able to tackle this challenge by leveraging technology, including big data and machine learning, will have a significant advantage moving forward. Not only will they be able to avoid the pitfalls of adverse selection, they will have profoundly more insight into how to help organisations prevent losses in the first place.” He believes that insurers need to embrace technology to create a real solution to cyber risk.
As it stands, catastrophic events usually leave the company with the bulk of the financial repercussions, as the current capacity and availability of certain segments of cyber risk are not accounted for.
Scott Kannry from AXIO believes that the growing need for extra capacity, as the various industries start to fully understand what ‘cyber’ is and what their risks entail in their entirety, is the next issue for insurers and start-ups. He adds that “further evolution of cyber risk education is needed in the meantime.” As it stands, catastrophic events usually leave the company with the bulk of the financial repercussions, as the current capacity and availability of certain segments of cyber risk are not accounted for.
In summary, insurers and technology start-ups are targeting the growing cyber insurance market through the use of innovative software that makes assessing and pricing risk much quicker and more accurate for companies of all sizes. Through this reduction and pooling of risk, premiums can be lowered. There is also more potential for capacity to increase within the market, as companies become more aware of what ‘cyber’ is and the various risks facing them from an increasing number of hackers. This advancement in technology works in the interest of companies, as they reduce their risk and the premiums they have to pay, as well as improving the relationship between start-ups and insurers, as they work together to boost capacity within the market.