Cyber cover going on the cheap say underwriters
A lack of actuarial data, high capacity and competition are all helping to reduce rates for what is a new insurance product with a relatively low take-up.
However, this may change as underwriters become better acquainted with cyber exposures and once new EU rules governing data protection and the introduction of fines and mandatory notification in the event of a data breach likely increase claims, coverage and, consequently, price.
“Cyber is a new book of risk and it is evolving all the time,” said Neil Arklie, Senior Underwriter at Swiss Re. “We are learning, gathering data and trying to assess risks and give an accurate price. But there is too much capacity in the market and this is forcing the price down. Right now it is probably underpriced so as we learn more and gather more data, don’t be surprised if the price goes up.”
hide
The implementation of new data protection regulations will also be pivotal, said James Tuplin, Senior Tech PI underwriter at Allianz, which is about to launch its own cyber insurance product, thereby adding to the capacity in the market.
“Rates are falling through the floor at the moment,” he said. “There is a lot of capacity and no new EU regulations yet so in the next two years, and provided there are no large claims, cyber insurance will be as cheap as it can be. We are still not at the bottom because there are new entrants coming in and it is all about supply and demand. But when the EU data protection rules are fully implemented in 2016, prices will start to go up.”
In addition to the pricing issue, there is also a concern over the inconsistent way cyber insurance products are offered-as stand-alone products in some instances and as extensions of existing policies in other.
As one delegate remarked, insurers are going to great efforts to promote their new stand-alone cyber products but they continue to offer extensions to existing policies and clients are consequently confused about which direction to go.
According to Geoff White, Underwriting Manager Cyber, Technology and Media at Barbican Insurance, insurers’ preference is for stand-alone products, as is the case for a number of small and mid-sized firms. “There is a resistance to a broadening out of existing policies. I don’t think it is right.” The concern, said Mr White, is that underwriters looking to extend policies are doing so because of a lack of understanding of cyber risk and they will suffer as a result.
The challenge for insurers is to try and predict where the insurance market is going, said David Legassick, UK & Ireland Technology Manager at Chubb. “Our model is to offer the lot-both extensions and stand-alone. Cyber insurance is challenging because it touches on so many other areas-first and third party, property and liability and so on. The only way around this is to sit down with clients and work it out. I don’t think insurers should be afraid to make cyber insurance bespoke as long as both the insurer and the insured are on the same page.”
XL offers both stand-alone policies and extensions of existing coverage, said Lisa Hansford Smith, Underwriter for Communications, Media, Technology and Cyber in Europe. “I do think it is a partnership with other departments. In Europe the market is quite broad whereas in the US there is much more focus on the legal side so I think it can be helpful for a general liability department to get more expertise by working with cyber specialists.”
When asked what cyber risks are most concerning, the majority of underwriters identified the exposure from cloud computing. “It is such a new technology and you can never be sure where the data is,” said Juliette Pettit, Head of Professional Indemnity, MEA region at AIG.
“With property it is easier to map and to avoid concentration in areas where there may be an exposure to earthquakes, for example,” said Mr Tuplin of Allianz. “We will need to have a similar model when working with the cloud.”
The other major concern for underwriters, said Swiss Re’s Mr Arklie, is the growing exposure to privacy liability due to the use of Big Data, where companies analyse information from the likes of Google, Facebook or Wikipedia to identify consumer trends and behaviour. “Once people start really using Big Data, we will see some scary exposures and class actions that result from it.”