Forget P&C business—add an extra C for cyber

As the world marches towards an increasingly interconnected future, cyber will become one of the biggest risks that companies will need to manage—and insurers will need to qualify, price and underwrite. This will mean a fundamental shifting of the portfolio mix for most insurers.

The growth of cyber insurance shows no signs of slowing. As market penetration and new covers emerge, it might not be long before we talk not of P&C, but PC&C—property, casualty and cyber.

That was one of the observations from a recent session of Intelligent Insurer’s Re/insurance Lounge, the online, on-demand platform for interviews and panel discussions with the market’s leading players and thinkers.

To explore the prospects for cyber and what it will mean for the industry and insureds, the Re/insurance Lounge brought together a diverse panel of analysts, carriers and brokers:

  • Simon Ashworth, chief analytical officer for insurance at S&P Global Ratings;
  • Louis Botticelli, senior director and US cyber product leader for small business and specialty lines insurer Markel Specialty;
  • Jasper Goring, cyber specialist broker at Gallagher Re; and
  • Michael Shen, head of cyber & technology for the London Market at global specialty re/insurer Canopius.

New risks

As Goring outlined, the growth in cyber insurance has been rapid. “I was at Willis in 2010. I started, like a lot of cyber brokers, in the professional liability team, and cyber probably made up about 10 percent of my day job,” he recalled. “That very quickly became 100 percent of my day job.”

Despite this, there’s still massive room for growth.

“The demand for cyber insurance isn’t going anywhere. We think the global demand for aggregate cyber coverage continues to go up 20 to 30 percent year on year.

“The American market is potentially the only one you could suggest is nearing maturity, but even that has a long way to go with penetration in some sectors,” Goring said.

Two key trends are driving the growth.

First, the risk continues to evolve and increase. Attacks are both more prevalent and increasingly difficult to defend against.

“We believe that the sophistication of attacks has increased over the last 12 months,” said Ashworth—a fact insurers need to take account of both as potential targets of attacks and as underwriters, he added.

Those facing state-backed espionage and attacks face an almost impossible task to defend themselves, noted Shen. “If you have something that only you have and a state wants to get it, they’re going to have the resource and people power to take the time, be patient and carry out that sort of attack.”

COVID-19 has added to the challenges many face, with companies adapting to a remote workforce that leaves employees exposed. Staff remain the softest target for attacks, Botticelli noted, with social engineering attacks such as phishing increasing “exponentially”.

“The lockdown forced full remote working for all companies, and a lot weren’t prepared. We say don’t let a good crisis go to waste, and these threat actors aren’t doing that,” he said. “It’s a big concern.”

“Companies across the market are really screening their portfolios.”
Simon Ashworth, S&P Global Ratings

More affirmative cover

The second trend driving growth is the move towards affirmative cover, which is gradually excluding cover for cyber events from other lines.

“We do get the sense that companies across the market are really screening their portfolios, said Ashworth.

Goring agreed: “That should be a huge opportunity for the cyber insurance market as other lines of business go through a process of affirmation and deciding whether the cyber peril should be picked up in their lines,” he said.

One key area of growth is likely to be physical damage, with the internet of things and attacks on industrial control systems increasing the prospects for losses through cyber attacks and the need for protection.

“To me, that feels very much how cyber non-physical damage, which is a more significant market, felt 10 years ago,” said Shen. Customers are only beginning to consider whether they need it.

“In this instance, they’ve had it for free under their traditional lines. That’s been taken away from them, so there’s even more incentive for them to continue that coverage.” Automated vehicles are another potential area for sustained growth.

Combined, these two trends will lead to cyber becoming an increasingly dominant part of the insurance industry, Goring predicted. Eventually, that may mean we no longer refer to the P&C industry—“in the future, we will refer to PC&C—the property, casualty and cyber industry,” he said.

“It will become a key driver of capital for the whole industry.”

Shen agreed: “Every premium dollar that falls into the more traditional spaces at the moment is going to move slowly over into cyberspace.”

For insurers, he concluded, it presents a stark choice. “You can’t fail to get on board with this. If you want to align yourself with the traditional lines, the premium pool there is going to be shrinking, while the premium for cyber and intangibles is going to be increasing,” he said.

“Whatever carrier you are and wherever you are, this will happen for you. It’s all about getting ahead of it.”

To view the full Re/insurance Lounge session click here

Image courtesy of Shutterstock / solarseven

Sign up to the Intelligent Insurer newsletter

Take a trial subscription