Bridging the cyber gap: expansion through technology, capital and collaboration

AdvantageGo hosted its latest quarterly London market lunchtime cyber event, touching on cyber cat, the impact of AI, and global distribution hurdles for cyber cover.

As cyber threats evolve in scope and sophistication, the insurance and reinsurance markets are racing to keep up. A lunchtime cyber panel event in London tackled this challenge head-on under the theme “Bridging the Cyber Insurance Gap: Strategies for Market Expansion.”

Bringing together voices from broking, underwriting, technology and analytics, the session explored how the sector can unlock demand in underserved segments, including SMEs and emerging markets, while addressing structural weaknesses in reinsurance and improving the industry’s modelling and risk quantification capabilities.

Hosted by AdvantageGo at the Pan Pacific Hotel in the City of London and moderated by freelance journalist David Benyon, the panel featured Richard Brand, Account chief technology officer for insurance at Microsoft; Oliver Brew, Cyber practice leader at Lockton Re; Cameron Brown, Head of cyber threats and risk analytics at Ariel Re; and Rebecca Bole, Head of strategic engagement at CyberCube.

Underserved but digitised

Bole said there was considerable “runway for increased penetration” in smaller companies and new markets, citing CyberCube analytics showing growth in Latin America, the Middle East and India.

“India is an interesting example,” she said. “Very rapid growth from a very small start – tens of millions to hundreds of millions today –with a really rapid growth potential there.”

Many small businesses still lack the internal resources to fully understand or insure cyber risk.

Brand said Microsoft was engaging on this challenge using three levers: visibility, incentives and collaboration. “You can’t insure what you can’t see,” he said. “Many clients don’t have that insight into what their security posture is… The tools in this space are now quite well developed. Microsoft provides many of them.”

Incentives and premium discounts could help drive uptake, he added, while stressing that no single provider or insurer could tackle systemic cyber risk alone.

“We need much greater collaboration,” he said. “That means proper data-sharing platforms, standardisation, and better support for small organisations.”

Capital, cat and a cyber retro gap

As the cyber market matures, the conversation turned to how capital is supporting its next growth phase.

Brew noted that cyber reinsurance only recently evolved from being folded into broader casualty treaties to becoming a standalone class.

“It’s been a very profitable class of business,” he said. “Insurers now want to keep more of the premium. Reinsurers want to cap their downside. That’s driven a shift from proportional to non-proportional and catastrophe protection.”

Brown said Ariel Re was seeing capital flows from hedge funds and insurance-linked securities markets into cyber catastrophe risk.

“That’s now a new source underpinning a lot of the cat risk,” he said. Strategic partnerships and tech integrations – such as embedded coverage through managed service providers – were helping unlock SME access to insurance, he added.

However, Brown warned of fragilities in the retrocession market.

“There’s not enough money out there to back some of the primary carriers, especially on tail risk,” he said. “

We need better modelling and more data to understand the exposure. Maybe we can learn from COVID or the GFC – if there was a cyber-attack on financial markets, would it mimic that?”

The case for public-private partnerships

The limits of private sector capital sparked renewed discussion about public-private partnerships (PPPs), with panellists citing terrorism and flood insurance schemes as possible templates.

“A bad day could certainly exceed the willingness and ability of the private sector to respond,” said Bole. “A really massive systemic, catastrophic event could exceed that. So there is a place for public-private partnerships.”

Brew argued PPPs should be seen as enablers of market growth, not as burdens on governments. “

The reality is that government becomes the insurer of first resort if there’s no other mechanism in place,” he said. “A backstop allows a buffer to be established… It gives insurers confidence the market can be supported in the extreme case.”

AI: game-changer or gimmick?

To round off the session, the panel debated AI’s growing role in both threat amplification and risk modelling.

“Last year, a third of Microsoft’s code was written by AI,” said Brand. “It’s a massive accelerant. But threat actors are using it too. Deepfake videos, cloned voices, real-time exploitation – the threat is increasingly sophisticated.”

Brown agreed that the balance of power was probably skewed in favour of the criminals.

“There’s a huge disproportion between defenders and bad actors,” he said.

“They’re mining breached data, profiling organisations, and identifying waypoints in the supply chain. They’re not just deleting the data anymore – they’re keeping it.”

While others touted AI’s potential in modelling and underwriting, Brown struck a cautionary note: “We’re definitely at a major disadvantage as organisations when it comes to AI in our battle against the threat actors.”

Discover more insights and solutions from our cyber initiatives, by exploring our Cyber Insurance & Risk Analytics Software.