How to unlock the potential of the growing cyber market
Data sharing will be the key to unlocking the potential of the growing cyber market.
The insurance industry and its clients need to regard cyber as the most connected form of insurance and do more to exploit the data available to them to improve levels of cover, industry leaders agreed.
During a panel discussion on ‘how insurers and startups are targeting the growing cyber insurance market’, led by Matthew Gant, partner at Instech, the panellists agreed the opportunities will be found in how well the two parts of the market can cooperate with each other in order to realise the full potential of the growing line of business.
“Everyone is exposed to cyber and everyone should be looking at it in a meaningful way,” said Gant, citing figures from Cambridge University which recorded a $1.5 trillion overall loss from cyber related incidents in 2017 and on 17% of this was insured.
He went on to challenge the industry, viewing the large economic losses as a result of cyber as a failure of the insurance industry which has been unable to provide adequate protection.
As an industry we shoot ourselves in the foot by giving cyber add-ons to every other traditional insurance policy which is largely terrible and not very broad coverage
“One of the problems is that a lot of clients first think that they’ve already got coverage for cyber,” said Sarah Stephens, senior partner and head of cyber, content and new technology risks at JLT Specialty.
“As an industry we shoot ourselves in the foot by giving cyber add-ons to every other traditional insurance policy which is largely terrible and not very broad coverage and clients think, oh it’s fine, I’m covered, and it was cheap. This was what was recommended to me,” she added.
But Stephens has found the problem goes beyond this. “When I speak to clients, there is definitely a view that the standalone products out there are not as customisable as they need them to be and they are therefore put off from buying them.”
However, big events like the June 2017 NotPetya virus, where losses are now expected to exceed $3bn with the majority emanating from silent - or non-affirmative - coverage, are expected to have an impact on the way in which businesses look what they’re purchasing under their cyber policy.
“These incidents do have an impact, but it’s just not a wide spread cover,” said Stephens. “We see reaction buying and that’s good because this is definitely the largest market loss in the cyber market out there.”
Eelco Ouwerkerk, industry director, wholesale & retail at Aon, Sidd Gavirneni, chief executive and co-founder of Zeuguro, and Andrew Martin, chief executive of Dynarisk, also joined the panel.
Dynarisk’s Martin said education will need to play a much bigger role when it comes to this line of business. “We also acknowledge that regulation is playing its part in this also,” he said.
Data sharing is a problem as no one wants to share it – we’ve got all these great sources of data but people keep it locked up in their own boxes.
“As business we were hoping that GDPR would be a great catalyst for the demand in cyber security and cyber insurance, but it’s not yet had the impact it was hyped up to have but it’s still early days,” said Gavirneni.
Aon’s Ouwerkerk said that many of the issues surrounding the development of the product lie in the fact that there is “simply not enough historical data” which the panellists believe could be solved – to some extent – by a commitment to data sharing.
“Data sharing is a problem as no one wants to share it – we’ve got all these great sources of data but people keep it locked up in their own boxes,” said Ouwerkerk.
“A great business idea would be for someone to act independently, aggregate the data and sell it back to industry,” Stephens added.
“GDPR could assist with data sharing also, as if you anonymise the data, you can do much more of it in terms of profiling and taking stock of different stages of data richness,” said Gavirneni.
New emerging risks
The panellists were asked to think about emerging risks that will present themselves later on this year and into next year – some of which the insurance industry is expected to find challenging.
“The theft of crypto is something I think is going to blow up,” said Martin. “There have been some big big heists of crypto currencies and these have amounted to some big losses but I’m not sure the insurance industry is going to want to get anywhere near that and I can see that being a challenge.”
Ransomware attacks and data breaches were identified by all the panellists as risks which will continue to persist and evolve in nature.
The recent British Airways data breach of over 300,000 records is considered to be the largest breach since the implementation of GDPR and is expected to be the poster child of how that regulation will come down on businesses and test the industry’s resilience of the fines that are expected.
Gavirneni also spoke of a “misplaced trust in blockchain”.
It has great applications and uses, but they’ve not really been tested. Security research hasn’t got to a point where everyone knows what the risks are and I think there could be some real surprises there,” he said.
Cyber risks and the need for insurance for it will continue to come to the forefront, so insurers need to decide how they want to get ahead of it.