Cyber: Part 1 — Silent Cyber and the call for Innovation
Throughout the (re)insurance industry there are few topics as widely discussed across the C-Suite as Cyber and the mega-liabilities that it creates for clients around the globe. This multi-part series will aim to provide a broad understanding of some of the challenges insureds, insurers and reinsurers face throughout the cyber insurance landscape.
Cyber insurance first came into the fore in 1997 when AIG released a basic third party liability product to provide some compensation for hacking. In 1997 only 1.7% of the global population had access to the internet; that number has ballooned to more than 40% today with companies like Google and Facebook actively looking to deploy satellites and high-altitude balloons to provide affordable (often free) internet access to even the most remote places on Earth.
What began as an experiment in connectivity, the internet quickly emerged as a global centre of commerce and, with the introduction of the Cloud, the most efficient way for companies to gather, distribute and maintain data. This data faces an increasing threat of being confiscated and sold or held for ransom or misused. Add to the mix the increasing prevalence of internet connected devices that can be hacked to extract data or to cause malfunction and harm, it is easy to see why the insurance industry is actively seeking to provide suitable solutions.
The coverage made available by insurers has been evolving rapidly, where the first rounds of products were focused predominantly on data breaches, there is now increasing 1st party coverages like business interruption and property damage. Across the insurance industry Cyber has evolved into a mainstream speciality line of business; however, the growing concern for the insurance industry is the potential impact of Silent Cyber.
Silent Cyber can be loosely defined as potential for cyber related losses on policies that do not affirmatively cover cyber exposures. Broad ‘all risks’ policy wordings have exposed insurance companies to myriad potential cyber threats where cyber isn’t explicitly excluded from the policy; add to that a limited understanding of the overall exposure and the sizable loss potential, (re)insurers risk serious overexposure that they may not be aware of, and subsequently prepared for.
The growing concern around Silent Cyber and the difficulty in assessing ultimate exposures has resulted in insurers increasing policy exclusions, leaving many insureds frustrated with their policy coverage.
Without increasing exclusions how best can motor insurers prepare for the scenario where a car accident is the result of a vehicle being hacked and the electronic breaks disabled? How should a property insurer safeguard against the threat that a property’s industrial control software can be hacked, causing a centrifuge to spin too fast and resulting in an explosion and a potential multi-million dollar loss?
As the Cyber insurance market continues to gain traction the focus remains on polices that have affirmative cyber coverage; however, the exposures and losses at risk to Silent Cyber are potentially far greater; therefore, carriers who don’t write affirmative cyber insurance policies often wrongly believe they have little to no cyber exposure.
The capacity for affirmative Cyber available in the market has seen strong growth in recent years (north of 20% YOY according to Dowling Partners), however, even insurers who aren’t explicitly writing cyber policies are finding themselves increasingly exposed to Silent Cyber liabilities and are finding limited support within the reinsurance market.
Whilst traditional Cyber in the reinsurance market has seen strong growth in recent years in terms of uptake, premium written and capacity available, the emergence, and improved understanding of Silent Cyber has made this product increasingly difficult to innovate and even more complex to underwrite.
TigerRisk’s team of experts have developed solutions to assist all of our clients to address Silent Cyber issues in all classes of business and all geographies. For further information please contact Kevin Abramson (KAbramson@tigerrisk.com) or Steve Pfeiffer (SPfeiffer@tigerrisk.com).
In future articles we will dive further into the complex Cyber Insurance market will look to provide greater insight into the key innovations, regulatory changes and market drivers affecting the most rapidly evolving product within the insurance industry.
If there is an element of Cyber that you’d specifically like us to dive into further, please email TigerTech@tigerrisk.com and we will do our best to cover it in an upcoming installment.