According to Erica Davis, the growth opportunity for cyber is massive. “There was a debate for many years as to whether the risk would be absorbed as part of the traditional P&C market, or whether the product would survive and thrive on a stand-alone basis,” she says. “Given the actions we have seen from Lloyd’s and others to eradicate silent cyber from non-cyber lines of business we do anticipate the stand-alone to be viable and a contained solution in the industry going forward.”
Her colleague Anthony Cordonnier thinks that the product has really shown its value in the last eighteen months: “With ransomware trends, every business both big and small can relate to what the impact of a cyber-attack looks like, and from that standpoint the product has proven itself and has a track record.” However, he adds, “the reason we don’t use that terminology is that cyber insurance really fits in both property and casualty and is both a short-tail, first party coverage line and a long-tail, third-party liability line and it does both. In our view it is incorrect to put it into one or the other because it sits across both, and that is the uniqueness of the product. Is it its own pillar of insurance? Maybe, but it really is a product that is multi-faceted”.
As Davis points out, cyber is also about the risk itself, which she stresses sits across all different exposure classes. “But I agree that we have seen the product become much more relevant,” she says. “Look at Anthony’s point around ransomware: it really helped organisations to understand how they might be impacted, but from an industry perspective, we also saw losses paid, so both the relevance and value of the product was shown.”
“Some feel that the cyber product is a bit nebulous and it is an intangible product for intangible assets, and that it is sometimes difficult to figure out, but we did see the product respond to ransomware losses, and we saw the losses paid, and because of that we have a much more resilient cyber market for the future.”
It is also important, says Cordonnier, to think not only of cyber as a product, but also as a peril: “The peril is everywhere and it ouches everything. There has been a lot of work done in building the cyber product and removing that exposure from other lines, but really the cyber peril is everywhere and will remain everywhere. What I mean is that a cyber-attack leading to property damage, by and large that’s going to be covered by the property markets still… but the non-damage part, that’s going to be in the cyber market. If you take the argument to its extreme, a discussion I’ve had many times with a person that talks about PC&C is that if you exclude cyber from everything under whatever form, you’re not going to have any insurance left… everything will be cyber!”
Another topic addressed by the couple was whether ransomware still a significant threat for companies and the cyber market? Davis takes this head on, suggesting that It is still a significant threat, “but we have seen activity subside a bit in 2022”.
“All different shapes, sizes, and classes of business are at risk of ransomware attack, but we’ve seen the scale and scope begin to taper off a bit, and it remains to be seen as to whether that is a long-stand trend, but that has been our observation and our clients’ observations.”
According to Cordonnier, another significant threat in this space that perhaps hasn’t received as much attention recently but that is, nonetheless, sill relevant is that of regulation, with privacy regulation still evolving and becoming more sophisticated, both Stateside and in Europe with GDPR, which he says has been on the statute books for a couple of years now, “but the implementation of it is still evolving and the full impact of it is still being determined, so that is still very much a risk”.
Davis also says to look out for the cyber risk associated with vendor partners, “and really look at cyber risk beyond the four walls of your organisation…I would say that cyber risk has really heightened in recent years and businesses at doing a much better job at mitigating the risk and training employees on the exposure, as well as preparing different contingency and disaster exposure plans. But extending that thought process to your critical vendor partners, upstream and downstream, has become increasingly critical to the operation and something that is still a challenge for many across the value chain.”
The Big Question is supported by AdvantageGo, which provides revolutionary commercial insurance and reinsurance software solutions. Harness the power of proven, functionally-rich core solutions. www.advantagego.com