Cyber Insurers Need Loss Data to Properly Underwrite Risks

By Elizabeth Blosfield | June 24, 2019

While there are “huge opportunities” on the horizon for the cyber insurance industry, cyber insurance underwriters still face the challenge of not having enough historical data to work with.

“It’s really scary to underwrite something when you just don’t know what the potential losses could be,” said Brian Meredith, managing director at UBS Group AG, during a panel discussion on trends in the property/casualty insurance sector at S&P’s 2019 Global Insurance Conference in New York. “There’s lots of opportunity here, but we need a lot more data to expand it.”

This lack of data has led underwriters to approach cyber cautiously so far, with small limits and using a lot of reinsurance to protect themselves, said John Iten, director of S&P Global Ratings.

Panelists at the PLUS Cyber Symposium in New York last month echoed these concerns, with Bob Parisi, managing director and cyber product leader for Marsh, stating that one solution could be to model how the property market has historically underwritten risk, Insurance Journal reported.

“The property market is able to sustain bad hurricane years … To be sustainable, you have to underwrite to the risk,” Parisi said at the PLUS conference. “So go next door, ask the property guy for his rating model and start applying it. There are solutions here that can solve some of these problems.”

Recognizing this data challenge, one data analytics provider – Verisk – announced on June 12 the launch of its Cyber Underwriting Report, an insurtech tool aimed at helping insurers underwrite a variety of risks in the cyber market where historical data is limited.

The Verisk report seeks to address these challenges from both an insurance and cybersecurity perspective by leveraging nearly 100,000 historical cyber events, combined with machine learning and stochastic modeling, to provide estimates of the frequency and financial impacts of potential cyber incidents. The tool gives underwriters a cyber risk score for a company they are underwriting, a peer score to provide context and a profile describing critical business and technology characteristics.

“Underwriting cyber has become a major challenge for many insurers trying to make informed decisions about a risk that can be hard to evaluate,” said Prashant Pai, vice president of cyber solutions at Verisk, in a company press release. The company estimates cyber coverage will reach $6.2 billion in premiums by 2020.

During the S&P conference panel discussion, Iten added that caution around a lack of historical data in cyber insurance is compounded with additional cyber coverage challenges, stemming from concerns about the interaction of different policies and silent cyber risks.

Silent cyber refers to potential cyber exposures occurring within traditional property and liability insurance policies, which may not include or exclude cyber risks. This can create an issue where multiple policy coverages are hit across a much wider group of insureds than envisioned, panelists explained.

With all of these risks in mind, Robert Hauff, managing director at Wells Fargo Securities, agreed that more data within cyber insurance will be imperative in the future.

“Data is key,” he said. “Unfortunately, the entity that has the most data on this topic is the government, and if they would be willing to share with the industry, it would be instrumental to get its arms around this risk and really grow it and price it better.”

Opportunity Remains

That said, S&P panelists were optimistic that cyber still presents lots of opportunity for insurers.

“I think it’s a huge opportunity,” Meredith said. “It could be a $50 billion market premium-wise; I’ve seen the numbers.”

Although the cyber market is still relatively small, it has drawn lots of interest from insurers so far, Iten added.

“It’s one of a few new products the industry has had in a while, and it’s seen lots of interest and growth, albeit from a small base,” he explained.

In fact, a recent Marsh report on the cyber market – More Cyber Insurance Buyers as Awareness Grows – noted the estimated cyber insurance market increased to $1.8 billion in 2018, three times what it was in 2015.

Tom Reagan, U.S. Cyber Practice leader for Marsh said Marsh’s experience shows the overall number of U.S. purchasers has doubled over the past five years, while policy limits for existing buyers are also growing “as the economic impact of cyber events becomes increasingly clear.”

Indeed, a big reason for this growth is that more companies, particularly larger companies, are beginning to invest in more technology as they recognize the need for it, putting themselves at increased risk for a cyber event, S&P conference panelists stated.

“The way I look at it is that companies need to continue to invest in tech or else fall behind,” Meredith said. “It gives you a significant competitive edge and a couple of point advantage over your competitors.”

Was this article valuable?

Here are more articles you may enjoy.