French risk and insurance management community leads the way on cyber
The French risk and insurance management community deserves a big pat on the back for its ongoing efforts to sort out the cyber insurance market and make it fit for purpose for risk managers in France and across Europe.
Cyber is clearly a hugely important matter for the European corporate risk management community. It offers a great opportunity for individual risk and insurance managers to thrust themselves into the heart of business strategy as leaders rapidly wake up to this fast-rising threat.
But risk and insurance managers can only boldly stride into the boardroom to offer critical advice on how this risk should be identified, measured, managed and transferred if they are confident about the tools at their disposal to ensure that they can deliver.
Currently, the cyber insurance market is still evolving and, at best, offers a partial solution. The market is growing up fast in Europe and the arrival of the GDPR will accelerate this progress from both a demand and supply perspective.
But there remain many troubling questions about this product, what coverage it really offers and, indeed, even if it should be packaged and sold as a standalone cover or incorporated into existing property and liability lines.
Definitions are unclear, silent cover remains a big question mark and progress at individual and market level is difficult when companies are understandably worried about sharing sensitive data with third parties such as insurers and brokers. There also remains a lack of underlying loss data and experience needed to agree on price and terms, not to mention the rising spectre of potentially catastrophic accumulation risk for insurers and reinsurers.
If ever there was a case for a joined-up, market-wide approach leading to shared industry data, assurance about data privacy and agreement of globally recognised definitions and standards, then this is it.
This report clearly identifies the key challenges faced by the risk and insurance management community as it attempts to get a grip on cyber risk. It makes ten very important and practical recommendations that – if energetically adopted in a joined up, industry-wide manner with political and legal backing – would make big strides and deliver a much more robust cyber market.
Some in Europe may not be keen on such proposals for collective efforts and prefer to leave the invisible hand of market forces to sort it all out.
I would suggest, however, that in the case of cyber this would be a blinkered approach that is doomed to failure, not least because of the increasingly important matter of state-sponsored cyber espionage and terrorism.
This is not a ‘normal’ risk (if such a thing exists).
Cyber risk has emerged because the global economy has willfully, or otherwise, rapidly shifted its core infrastructure onto a digital basis. No one expected it to happen so quickly or in such a comprehensive manner. Therefore, no one is really prepared for the potential downsides.
You cannot really blame the insurance sector for being too slow or not innovative in its response to demand for quicker, broader and cost-effective cover for such a fast-evolving and potentially catastrophic risk.
This really needs a joined-up, industry-wide effort to come up with deep, broad and lasting solutions.
Cyber is a very real risk that surely needs to be tackled in a collective manner, and at least on a pan-European basis.
Well done to AMRAE. Keep up the good work!