Cyber risk is the fastest-growing and uniquely man-made peril for businesses and organizations, and as a result, for the insurance companies that protect them.
CyberCube's cyber risk insurance experts recently released the report 'Thriving in a Digital Era: How Leading (Re)insurers Approach Cyber Risk', which gives an in-depth view of the massive opportunity cyber insurance poses for both meaningful and profitable risk transfer solutions.
This blog will look at some of the insights from the report, curated for cyber liability executives, including the importance of understanding cyber, how to continuously learn about its evolution, and how to leverage the right cyber risk modeling to make informed decisions and reach profitability.
Why insurance executives need to care
Gone are the days when insurers can put off thinking about how cyber insurance fits into their plans and portfolios. Having a deeper understanding of cyber risk is critical to the success and profitability of both insurance carriers and reinsurance carriers — here's why:
- Cyber is the fastest-growing line of Property & Casualty (P&C) insurance in generations, with the market predicted to expand from USD 7.60 billion in 2021 to USD 36.85 billion in 2028.
- Cyber risk is everywhere and unavoidable. With the interconnectedness of the internet and embedded technologies in the physical world, cyber attacks can impact virtually all lines of P&C insurance over time and so all (re)insurers must understand it.
- Finally, (re)insurers that do not offer standalone cyber insurance coverage risk falling behind and are missing out on creating profitable lines of business.
Cyber risk is embedded everywhere
Cyber insurance knowledge vs. uncertainty
While cybersecurity insurance is a unique risk, it isn’t something insurance executives should avoid or fear. Moreover, its similarities to other insurance perils means that underwriters can quantify losses with the right tools at hand.
How standalone cyber coverage compares to traditional lines
While cyber shares many similarities to traditional lines of business, there are some considerations for executives to consider.
Property
Both property and cyber have short tails and a primary concern is their exposure to catastrophe (such as ransomware and fraudulent fund transfers in cyber events/incidences). However, a cyber incident differs from a natural catastrophe event as it is a man-made peril with an active, hands-on-keyboard threat actor.
As a result, the property insurer's customary focus on the 1-in-100 and 1-in-250-year profitable maximum losses (PMLs) may not be appropriate for cyber.
Casualty
Most often, underwriters still manage cyber as a casualty line, given that it grew out of Technology Errors and Omissions (E&O). However, cyber events and cyber attacks are closer to catastrophic risk (property) than the systemic risk that casualty insurance typically has to consider and theoretically can’t be diversified.
Terrorism
Both cyber attacks and terrorism are man-made perils. Nonetheless, cyber events are dynamic, evolving threats that are easier to carry out and occur more often. In addition, they are not bound by geography but rather are often due to reliance on the same technology and subject to the same vulnerability (called a single point of failure or SPoF).
In general, cyber is new territory that brings digital-age perils unseen before by traditional lines (i.e. security breaches, data breaches, ransomware attacks, malware, viruses). As a result, it cannot be managed the same way as P&C. To be profitable in cyber insurance, it is crucial that (re)insurers develop their understanding of risk drivers and their view of risk that uses appropriate modeling.
Models and tools have matured
Given cyber insurance's complexity and relative newness, underwriters must address cyber risk with the appropriate data and modeling. Employing the right cyber data analytics tools can help underwriters fill in knowledge gaps, ensuring (re)insurers get the answers they need.
The industry is finally in a place where cyber models and analytics tools have matured enough to allow carriers to effectively navigate the evolving cyber threat landscape, rather than falling back on cybersecurity data and vendors that are not fit for (re)insurance purposes. Today, (re)insurers rely on cyber models to help them assess profitability, manage earnings volatility, and determine the appropriate use of capital.
Shaping a (re)insurance company's model
Due to the limited historical data and a changing landscape that affects the cyber industry, the right experts are required to create and implement a reliable model that can be leveraged. When vetting a cyber analytics platform, executives should focus on companies that conduct extensive research and monitor current trends and evolutions in both cybersecurity and insurance.
CyberCube aims to help the cyber insurance market grow profitably through the use of proprietary risk analytics, enabling businesses to make better decisions about which digital risks to avoid, mitigate or insure.
Adapting and using the right tools is key to profitability
Over time, cyber risk will transform virtually all traditional lines of P&C insurance. As a result, it is a risk that carriers, MGUs and reinsurers cannot ignore.
According to the report, a healthy approach to cyber involves the ability to manage a book of business throughout its lifecycle and to be able to take action when needed. The appropriate modeling and analytics can enable this — by taking the fast-evolving nature of cyber into account and helping (re)insurers to make more measured decisions.
Manage risk at the point of underwriting
A healthy, profitable portfolio begins with underwriting using the right data. It can give you more control over establishing underwriting guidelines for a consistent data-driven underwriting approach. CyberCube’s approach to risk selection involves delivering the critical insurance-relevant insights and data that underwriters need in their normal workflow, as showcased here:
- Internal Security: Assesses “behind-the-firewall” cybersecurity hygiene and practices.
- External Security: Assess the external cybersecurity perimeter scan telemetry and dark web intelligence.
- Historical Cyber Event and Loss: Calibration intelligence from past cyber events to better understand and quantify potential future threats, impacts, and likelihood.
- Firmographic: Foundational exposure details for companies to inform evaluations.
- Digital supply chain: Technology dependency intelligence to account for how a company’s.
Profitability in a dynamic market
Cyber risk is less familiar to the C-suite compared to traditional lines of insurance. This can lead to risk aversion when considering cyber opportunities, but not (re)insuring cyber could be the greater risk in the long run.
Regardless of a (re)insurer’s place in cyber — whether they are a significant player in the industry, or only just starting to explore it — being open to continuously learning about this line is key to success.
Ultimately, all cyber insurance (re)insurers will need to find their path to sustainability and profitability in this dynamic marketplace. Players in the market should leverage holistic solutions that are adaptable, built specifically for cyber insurance, and easily embedded into existing operations.
If you would like to learn more about leveraging holistic cyber analytics solutions for profitability, read the full report for free — Thriving in a Digital Era How Leading (Re)insurers Approach Cyber Risk.
