Bermuda carriers grapple with the cyber opportunity

While it remains a relatively small line of business in terms of overall gross written premiums (GWP), there is no doubt that cyber re/insurance (as many Bermuda-based carriers may write both) represents the line of business with the greatest growth potential in the eyes of many players.

The bottom line driving this dynamic is the nature of the increasing risk. One in four companies (27 percent) globally have suffered a data breach that cost them $1 to $20 million or more in the past three years, according to PwC’s annual “Global Digital Trust Insights Survey”. The percentage rises to one in three (34 percent) for companies surveyed in North America, with only 14 percent of firms globally reporting that no data breaches have occurred during the period.

Yet despite cyber attacks continuing to cost businesses millions of dollars, fewer than 40 percent of executives surveyed say they have fully mitigated cybersecurity risk exposure in a number of critical areas. This includes enabling remote and hybrid work (38 percent say the cyber risk is fully mitigated); accelerated cloud adoption (35 percent); increased use of internet of things (34 percent); increased digitisation of supply chain (32 percent); and back office operations (31 percent).

“The continued increased prevalence and severity of cyber attacks has fuelled a growing demand for cyber coverage, which appears to be far outstripping supply, offering a huge commercial opportunity for specialty insurers and reinsurers,” said Matt Britten, insurance partner at PwC Bermuda.

“The rapid evolution of cyber risk does present extreme challenges to underwriting and pricing, but reinsurers risk losing relevance if the demand for cyber cover isn’t met.”

He added: “During 2021 and this year, there has been an acceleration among Bermuda-based reinsurers towards specialty reinsurance with several carriers and brokers establishing dedicated cyber teams and units. This trend is expected to continue as they work to deploy more capacity to the market.”

The size of the opportunity—and challenge—can also be viewed through another lens. A new report by the Global Federation of Insurance Associations (GFIA) has identified and quantified the most significant—and growing—annual global protection gaps. Bermuda’s re/insurers will note that cyber outstrips natural catastrophes by some distance.

The report suggests that the biggest protection gap is for pensions ($1 trillion) followed by cyber ($0.9 trillion), health ($0.8 trillion), and natural catastrophes ($0.1 trillion).

The report identifies the factors driving these protection gaps on both the demand and the supply side, including why certain risks can be very difficult to insure completely. The report provides an overview of the wide range of potential levers that can be used by a broad variety of stakeholders to address the gaps.

GFIA president Susan Neely commented: “Insurers around the world play a vital role in helping to protect people and businesses from the risks they face, and to recover when those risks materialise. However, as this report highlights, a range of factors have led to huge and growing global protection gaps that could have profound impacts on people’s lives and livelihoods.

“Insurers can take, and are taking, steps to address these gaps. These include using technology to assess risks and claims, and to make insurance more accessible for people and businesses.

“However, closing the gaps will require action from policymakers to create environments in which risks can be managed and mitigated. These actions will help keep risks insurable and insurance protection affordable.”

The report uses a range of case studies to demonstrate the private and/or public policy actions that have been taken to reduce protection gaps. It also includes GFIA’s own recommendations to policymakers of the best levers to use to reduce risk and increase protection.

“The report makes clear the steps that are needed to reduce the protection gaps and to help people and businesses access the insurance services they need to succeed and thrive,” Neely added.

How carriers respond

Against this backdrop of opportunity, insurers and reinsurers alike are responding: by investing in talent, systems, software and startups—anything they think can help give them a foothold and an advantage in this complex and fast-evolving market. Many of these initiatives have been broadcast in the public domain, but many more have taken place behind closed doors.

To offer some context of the dynamic around cyber in the Bermuda market at the moment, here are eight strategic initiatives and hires we considered significant.

Cyber player Coalition forms Bermuda reinsurer

Coalition, the San Francisco-headquartered provider of cyber insurance and security, has formed Ferian Re, an independent Bermuda-based class 3B reinsurer that will provide capacity across Coalition’s cyber programmes.

Ferian Re will be capitalised with about $300 million from an investor group led by funds managed by BDT Capital Partners, an affiliate of merchant bank BDT & Company. Minority investors include the Pritzker Organisation.

Ferian Re will participate in Coalition’s cyber insurance programmes alongside global insurers and reinsurers, including Allianz Group, Arch Insurance North America, and Swiss Re Corporate Solutions.

Joshua Motta, founder and chief executive officer of Coalition, said: “The rapid growth of the cyber insurance industry has outpaced the supply of reinsurance capital. We’re excited for Ferian Re to bring alternative capital to the market and introduce a reinsurer with deep expertise in cyber.

“Our partnership with BDT Capital Partners and other strategic, long-term investors will help address this supply and demand imbalance and support our long-term growth ambitions.”

CyberCube partners with AkinovA

Cyber risks analytics provider CyberCube is to partner with AkinovA, an electronic marketplace for the transfer and trading of insurance risk, to enable AkinovA’s clients to benefit from CyberCube’s modelling and analytics.

In the partnership CyberCube’s products will be made available to AkinovA’s platform. In doing so, the entire value chain of the risk transfer sector can gain access to CyberCube’s sophisticated models. CyberCube’s models are based on specially designed cyber risk scenarios including ransomware attacks, cloud outages and major systemic risks to support insurance, reinsurance and insurance-linked securities (ILS) organisations to make better decisions when placing and managing cyber risk.

Juan Marcano, alternative risk transfer principal at CyberCube, said: “As a trusted facilitator to the risk transfer sector and a powerful advocate for the benefits of new technology, AkinovA is an ideal partner for us at CyberCube. This is a real vote of confidence in CyberCube’s products and the insights they generate.

“Our products provide businesses with the knowledge they need to make empowered choices about cyber risk. By combining our knowledge of the cyber ecosystem and our modelling capabilities, we’re able to model various cyber scenarios that can be used to stress test portfolios—or even individual risks. The information gained from these exercises is vital in pricing and effectively managing a portfolio of cyber risk.”

DeNexus launches new offering

DeNexus, a provider of cyber risk modelling that started in Bermuda in 2022, has launched Version 5.3 of its DeRISK Platform.

DeRISK 5.3 is an evidence-based, data-driven cyber risk quantification and management tool that aims to help the risk transfer community better understand, mitigate and transfer the risks associated with cyber breaches.

DeNexus’ cloud-based technology extracts data directly from an industrial organisation’s internal operational technology infrastructure, which increases the accuracy in determining the financial impact of a cyber event. This helps re/insurers and ILS investors commit appropriate risk capacity and develop better solutions to cover cyber risk.

“Re/insurers and ILS investors need to have confidence in cyber data in the underwriting process, in order to create new cyber offerings with confidence,” said Jose Seara, chief executive officer of DeNexus.

“The updates to the DeRISK platform were driven by the dynamic nature of cyber risks and give the risk transfer community the ability to better quantify and manage cyber risk exposures on a continuous basis.”

BMS invests in cyber talent

Broker BMS has appointed Monica Tigleanu as divisional director, cyber strategy. Tigleanu will be based in Bermuda and will report to Adam Mullan, executive chairman of BMS Re Bermuda, with a dotted line to Chris Madell, managing director of financial and professional lines at BMS.

Tigleanu’s primary focus will be to future-proof BMS’ cyber strategy by developing innovative products tailored for the ever-evolving cyber risk landscape. She will leverage her global network to bring together new capacity from various insurance hubs and spearhead the creation of distinctive facilities offering coverage currently unavailable in the market.

Tigleanu has extensive knowledge of the cyber insurance market, having worked within the sector for more than 10 years as an underwriter and broker.

Tigleanu joins BMS from her most recent role as a senior cyber underwriter at Munich Re. Prior to this, she worked as a cyber property damage leader at Marsh. Tigleanu has also held senior positions at companies such as Beazley, AIG and Travelers and she sits on Relay’s board of advisers.

She began her insurance career as a key contributor to financial lines underwriting, including cyber, directors and officers, and financial institutions errors and omissions and crime. Since then, she has focused on analysing a variety of cyber exposures across industry sectors and on providing bespoke risk management solutions.

Mullan said: “Monica’s track record is impressive. Her knowledge of the market combined with her innate ability to effectively help clients understand cyber risk will be a major asset to BMS. Her expertise complements our broader risk advisory capabilities, enabling us to continue helping our clients with their risk management goals.”

Madell added: “Cyber is a class that has a lot of capacity for product innovation. We are committed to staying at the forefront of this complex class and to raising awareness of the underlying risk while at the same time offering bespoke solutions to our clients.

“It is a pleasure to welcome Monica to the team. Her vast amount of experience in both underwriting and broking make her well placed to understand the challenges and opportunities present in the market.”

AXA XL backs cyber MGA

Intangic MGA, a London-based cyber managing general agent (MGA), has been launched with backing from AXA XL, offering new cyber insurance cover for large public corporations headquartered in the UK.

Intangic MGA has worked with AXA XL for its cyber policy, CyFi, which is underwritten by AXA XL Insurance Company UK. Intangic offers public corporations with cover of up to $15 million (£12.5 million) in the UK market to cover losses from material cyber breaches. Plans are underway to extend this offering to the US market.

The policy has two simple parametric triggers: the level of malicious activity targeting a company, and a subsequent loss in value. The triggers ensure that all parties have a transparent dashboard for the real-time monitoring of risk activity—a first for an underwriter in the cyber insurance market. When both triggers have been met, the claim is quickly paid to get the business running efficiently again.

“It comes down to thinking differently about the problem,” said Ryan Dodd, chief executive officer and founder of Intangic. “The security teams at large corporations have to manage cyber threats all day, every day. Our approach assesses cyber as a high-frequency risk.

“By accepting cyber attacks as ‘constant’, we can measure a link between how these attacks are managed and the financial impact they have on corporate operations. Our parametric triggers make this link visible, enabling fast recovery from covered material breaches and giving corporations a new type of insurance risk transfer.

“By doing this, we have converted cyber risk to a language the board understands,” said Dodd.

Resilience hires Liberty cyber executive

Liberty Specialty’s head of financial lines for Bermuda, Dan Rance, has joined cyber risk solutions company Resilience. Rance will head the Bermuda office and global head of large accounts as the business seeks to expand from the mid-market.

In the last year, the firm says, it has seen loss ratios less than half the industry average, record growth doubling 2021 business, and expansion of underwriting authorities to serve enterprises up to $7.5 billion in revenue.

Rance has more than 14 years of experience in the Bermuda market. Before Liberty, he was an underwriter with Iron-Starr Excess Agency and a catastrophe risk modeller with Ironshore Insurance.

Resilience was founded in 2016 by US military veterans and offers policies with integrated cybersecurity solutions.

“Resilience was built to fit a critical need for sophisticated enterprises who require a continuous solution to simplifying and holistically managing their cyber risk,” said Vishaal Hariprasad, chief executive officer of Resilience.

“After successfully launching this new model in the mid-market space, we are excited to bring on talented leaders like Dan, who will help us secure the capacity to provide the insurance side of the equation to large enterprise customers.”

“With our recent expansion of underwriting authorities extending to companies of $7.5 billion in revenue, Resilience is excited to further expand its model to larger enterprises,” said Mario Vitale, president of Resilience Cyber Insurance Solutions.

Mosaic partners with Safe Security

Mosaic has launched a new coverage via a partnership with tech firm Safe Security that allows it to underwrite primary cyber insurance globally, offering $20 million in capacity.

The product leverages Safe Security’s cyber risk platform. Participating clients will be the first to benefit from the Mosaic x SafeInside partnership.

Cyber was Mosaic’s first product in 2021 and has become an increasingly important part of its specialty portfolio.

“We’re excited to offer a primary cyber insurance solution across all Mosaic’s underwriting regions,” said Yosha DeLong, Mosaic’s global head of cyber. “We have always had the vision of being a primary solution and providing insureds with a true partner in a time of crisis.

“The cyber market has experienced major shifts in the last few years, and we aim to add stability and security to the primary marketplace.”

Relm partners with NetDiligence

Relm Insurance, a specialty insurance carrier serving innovative industries, has partnered with NetDiligence, a provider of cyber risk response services, to deliver a suite of cyber risk monitoring solutions to policyholders.

It will offer these through the eRiskHub, a platform that offers a wide range of proactive (preventive) and reactive (recovery) information, education, and services. The platform is specifically designed for the prevention, reporting, and recovery of losses caused by cyber incidents.

“Effective cyber risk management is no longer optional—it’s essential. As cyber threats continue to evolve, our policyholders must stay one step ahead to protect their businesses and reputation,” said Donavan Burgess, senior vice president and underwriter of digital assets, cyber and professional lines at Relm.

“That’s why we’re proud to announce the addition of NetDiligence’s eRiskHub to our comprehensive cyber risk policy. With its up-to-the-minute data and powerful educational tools, eRiskHub empowers our policyholders to understand and manage their unique cyber risk exposures, develop a robust cyber readiness plan, and minimise the devastating impact of a breach.”

Mark Greisiger, president and CEO of NetDiligence, said: “Our team and our solutions are dedicated to making cyber risk management easier for everyone involved in the process of mitigating modern-day cyber risk. From policyholders to cyber insurance professionals, the eRiskHub portal helps those at the forefront of cyber defence to stay razor-sharp as the cyber threat landscape evolves.”