A growing number of companies are now unable to buy cyber cover because of capacity restraints and dwindling carrier choice, warned Shannon Fort, partner, financial lines-cyber at McGill & Partners.
Speaking during Advisen’s 2022 Cyber Risk Insights Conference in London yesterday, Fort said she is seeing more companies than ever before unable to secure cover from cyber insurers in the London market and beyond.
“It is a bit disconcerting I think to see that happening for the first time,” said the broker, during a panel debate on the state of the increasingly hard cyber insurance market.
Fellow panellist Alec Cramsie, head of London wholesale cyber and tech at Beazley, argued that cyber insurance buyers still enjoy a competitive London insurance marketplace and most can therefore find cover. But he agreed it wouldn’t be good for insurance buyers or carriers if this situation changed.
“I think it is still a market. So what I think is a good risk, others might think differently. We will have people that look at data and analyse it differently and make different decisions. So as long as there is a market, there will probably be a home for most companies seeking insurance. What would be a concern is if we got to the stage where there are too few markets and there were no choices. I think that would be a shame for this market because to me that sounds like it would be shrinking,” said the insurer.
However, Fort responded: “I think arguably some of us might say we are a bit too close to that for comfort.”
Cramsie conceded that insureds with a poor cyber risk profile might struggle to secure cover but made the point that insurers shouldn’t be expected to take on bad risks that are likely to lead to losses.
“Arguably, if you have such a poor risk profile, should we take on the risk as insurers of something that we know is potentially going to give us a loss? I think this is where data can help us make much more important judgements about our insureds. I think the market has come from a place where it has been trying to sell a product, to now trying to define what is sustainable in our market. It’s not that we don’t want to pay claims but we want to pay the right sort of claims. So we don’t want to walk into known losses. Should we be insuring someone who just wants to move a business risk onto our balance sheet? I am not sure we should,” he said.
Cramsie expects pools to come about in the future that might take on this type of cyber risk, much as they do for doctors malpractice and other risk areas.
Michael Shen, head of cyber and technology for the London market at Canopius, said if insurers’ demands on companies to improve their risk profile were pushing out a disproportionate amount of cyber risks from the market, buyers would have a big problem. But he does not think that is happening today.
“I don’t think we are there. From what we have seen, probably 90% of the risks that are being asked to make these controls are able to do so,” he said.
Shen said efforts from insurers to clean up their books and ask for better cyber risk management are ultimately about ensuring the market is sustainable, and should ultimately help keep rates in check.
“We do want it to be this virtuous circle where we can underwrite better risks and provide data back to insureds on how they might improve their risk and what sort of things we are seeing on our books that can help them make investments in the right areas. That pool of risk will subsequently experience less claims, so that we can then reduce the premiums,” he said.