The rise in cyber attacks, and specifically ransomware incidents, has brought about “some very interesting changes” for the class of cyber insurance, Daniel Carr, head of Cyber at Ariel Re, told Monte Carlo Today.

“I wouldn’t in any case suggest ransomware has been good for the industry because it’s caused an awful lot of economic harm. But it has demonstrate that cyber insurance works, is effective, and has a real value proposition,” he said.

There has been an acknowledgement in the maturing risk management community that companies can’t always access the cybersecurity risk management expertise they need, he said.

“There’s been an increased acknowledgement that everyone has exposure to these threats. If you were to go back three, four or five years ago that position was largely confined to a more specific group of organisations—those with high profile clients such as the banking sector or government—and those managing large volumes of personal data, driving an acknowledgement that they held a regulatory exposure.”

Carr said that the increase in incidents, especially ransomware attacks, has highlighted that attacks can be indiscriminate of industry or a company’s business practices. As a result, this has significantly increased the awareness of cyber threats to a broader market, especially those that did buy cover. “It’s provided an opportunity for the insurance sector to prove the product is valuable and worthwhile.”

According to Carr, the next phase of development for this complex class follows a few years of deterioration of underwriting results, as the industry tried to get a grip on ransomware. But, he said, if you analyse the nature of those losses and where they came from you couldn’t necessarily characterise that as one particularly large event.

“It was a change in the underlying risk environment, a change in the profile of the threats, which led to a marked short-term deterioration in underwriting results. The conditions are still volatile, and the question remains as to what the next ransomware could be,” Carr said.

“Just five years ago, no one was talking much about ransomware,” he added. This raises the question ‘what will we be talking about in terms of cyber attacks or vulnerabilities in the future?’.

“Another question would be ‘how does that impact underwriting, rating and capital and how can the market get ahead?’,” he said.

“We’re now considering these questions from a much bigger premium base, and in an economy which is even more reliant on cyber solutions,” he said.

“We’ve seen some interesting developments in the product in response, especially in the last 18 months, including pushing more co-insurance through to the buyer in an attempt to mitigate loss and more closely align incentives.

“That’s fair, but equally the buyers of that product are often seeking help with managing their cyber risks, depending on their size and sophistication.

“Cyber is a complex class of risk and it’s very difficult no matter whether you’re a reinsurer, insurer or insured to access the knowledge and expertise needed to fully understand all of the components involved.

“The continued segmentation of risk and alignment of incentives between all parties in the risk chain is something I expect to develop further,” he concluded.