Historically, the existence of non-affirmative insurance claims was a topic that never came up as a significant issue, much less a discussion topic at insurance conferences. However, silent cyber exposure is now up front and center in every discussion topic for non-property lines of business, and increasingly for property as well. The recent Advisen conference in San Francisco is no exception where there were sessions dedicated to themes that cover both how to address and manage an endemic issue that is not disappearing any time soon.
Some of the themes are familiar to those who have come from property lines of business exposed to significant aggregation events. These include reputational risk driving companies to pay before attribution of loss is confirmed, as well as underinsurance and lack of an effective coverage gap analysis. It is these experiences that historically drive changes in policy terms and exclusions, including increased transparency in definitions and development of new policy endorsements.
Solutions to these themes included the discussion of the role of cyber risk modeling in not only quantifying potential exposure to cyber attacks, but also helping to define the key drivers of risk and how to communicate cyber risk for both the insurer and the insured. Very importantly, the intersection of claims potential and a forward-looking view of cyber risk is an area where models are poised to fill a valuable role.
During the “Quantifying and Managing Silent Cyber” panel moderated by Erica Davis (Managing Director, Guy Carpenter), model credibility and lack of accurate data was identified as a significant issue, especially in the case of silent cyber. A data-driven approach is critical to understanding the credibility of models. In this context data transparency is critical, and according to Jacob Tapper (actuarial analyst at CyberCube), one approach being put forward by the Institute and Faculty of Actuaries (IFoA) and Lloyd’s is delivering transparency in where data is being acquired and where it is being supplemented. Additionally, corollaries to non-cyber events is another area where potential aggregation event information can be incorporated into an increased understanding of what could happen.
Going forward, having access to claims and quality underlying data is critical to any model. However, the theme of transparency in both data and model methodology is another critical aspect as the market continues to adopt models in the rapidly evolving cyber risk landscape. In this environment, forward-thinking data-based approaches can be integrated into the need to stretch the imagination around plausible scenario development and modeling while keeping within the realm of reality.