Blogs
The data and distribution challenges facing cyber underwriters
Cyber experts from Chaucer and DUAL joined a lunchtime panel event, the first of a series planned by AdvantageGo, was hosted at ACORD’s London office in EC3.
The cyber insurance market that is concentrated in the London market continues to expand its array of underwriting products, as the underlying risk environment and technology landscape continues to evolve apace.
“What’s the ‘next cyber’ for the insurance market?” commentators sometimes ask. Cyber is probably the next cyber, given the growth potential that yet lies ahead for this still nascent, emerging risk market.
In November, the first in a quarterly series of lunchtime cyber talks was convened by AdvantageGo at the London office of ACORD. Scott Sayce, Group Head of Emerging Products, DUAL, and Ben Marsh, Class Underwriter for Cyber at Chaucer, were posed questions by freelance re/insurance journalist David Benyon.
Joining Sayce and Marsh on the panel was also Olly Venables, Pre-sales Director at AdvantageGo, who provided attendees with a sneak-peak demonstration of Underwriting Workbench tailored for cyber.
AdvantageGo has made cyber a priority for its Underwriting workbench, signing a slew of Ecosystem partnerships with cyber risk data and analytics providers – including the latest with CyberCube – as feeds into the “single pane of glass” Underwriting platform, designed to revolutionise decision-making as well as transform efficiency for underwriters.
Distribution developments
The cyber market has already reached $14.5bn, and is forecast to reach $40bn by 2030, Sayce observed. North America remains the heart of the market, where most of its buyers live, but Europe’s cyber market is growing fast, said Sayce, who has an eye on Continental European growth.
For Marsh at Chaucer, on the other hand, it is Middle East markets that are showing headline expansion potential. Not only that, but a trend to grow cyber into more niche products internationally, such as marine cyber, or cyber for nuclear power plants.
“For instance, there is a threat of a malicious actor walking in [to a power station], pulling out the cables and plugging in malware,” said Marsh.
Sayce agreed, suggesting that after the experience of ridding liability business of ‘silent cyber’, that standalone cyber is the way forward, but that cyber services may become tailored to other lines of business, such as directors’ and officers’ (D&O) liability.
The cyber market is already a poster case for insurance innovation, Sayce observed. “In its short period of existence, cyber has already evolved more as a product than the property market has in centuries,” he said.
Technology and underwriting continue to evolve fast together, Sayce stressed. “To enable growth to continue, as a sustainable offering, requires reworking the offering to keep pace with market development,” he said.
The skills of a cyber underwriter are perhaps by necessity a bit different to many other lines in the London market. “We are underwriting led, technology enabled, so that the underwriting is perhaps 50% data science, 50% trading,” Sayce said.
Asked what barriers exist for would-be cyber insurance buyers, both panellists agreed that cost remains a primary hurdle for buyers, despite the competitive dynamics already driving the market.
“Cost is important. Almost every business has a laptop, and that means it has cyber risk, However, if your focus is on cost alone, it’s very easy to buy a cyber product, but it will be one that doesn’t work,” Marsh said.
The solution starts with “brokers, brokers, brokers”, Marsh suggested.
Sayce underlined the role of brokers, and the need to continue to drive more awareness about the value that cyber insurance provides. This challenge is not unique to brokers or buyers, but a talent gap facing the technology sector generally, with millions of IT security jobs unfilled.
More data, please
Both panellists were asked the same question: how much data do you ask from the broker or insured, to be able to review a cyber risk? And both Sayce and Marsh responded similarly: more is more. “The more the better,” Sayce said.
Some of this data comes straight from the broker, but data sources can vary widely, with social media frequently a useful source of information, Marsh suggested.
“We want as much as we can get, anything we can get; there are so many different key considerations,” he said.
Asked what is the first thing he looks for, Marsh said: “The degree of maturity of the insured’s cyber-security maturity is the first hurdle, and their maturity from a purely business perspective, too,”
Also crucial is the company’s liquidity, Marsh suggested, whether reserves are in place to be quick and agile in response in the event of a sudden cyber loss, he suggested.
To this, Sayce added that while the risk factors vary wildly depending by individual risks or industry sectors and verticals, a common focus is on supply chain risk as a single point of failure, as well as a focus on the legal regime(s) in which the client is operating.
How long it takes to return a broker’s enquiry with a quote is also a matter of contention, given the competitiveness of the market and the myriad risks of all shapes and sizes being presented.
“Speed may be of the essence, and that’s where the use of artificial intelligence will come in. However, the process is also about helping insurability. We would look to highlight areas of inadequacy,” Sayce added.