8 Questions for CFC Chief Underwriting Officer Dan Trueman

CFC’s chief underwriting officer shares emerging opportunities in specialty lines, future pricing trends, and the six fundamental elements that make up cyber risk prevention and underwriting.
By: | June 26, 2024

Risk & Insurance recently had the chance to sit down with CFC’s chief underwriting officer for a conversation that touched on past and future trends in cyber insurance, the importance of threat modeling, and what to expect from pricing in the months ahead.

What follows is a transcript, edited for length and clarity.

Risk & Insurance: What are your current priorities as CFC’s chief underwriting officer?

Dan Trueman: As I’m relatively new in this role, my focus is on understanding our current organizational and underwriting strategies. I’m evaluating whether we’re pointing in the right directions, and if we’re organizationally effective to meet those goals.

Specifically on the underwriting side, I’m assessing if we have the right products, and if they are being created, priced and performing in the way we need them to. I’m also reflecting on my own role and effectiveness, ensuring that my time is being spent on the right things for the organization.

By keeping these three areas — strategic goals, organizational effectiveness and personal effectiveness — in mind, I believe I can stay aligned with the true north of what I need to be doing in this position.

R&I: What insights can you share about the cyber insurance market’s journey over the past few years and what can we expect in the near future?

DT: The cyber insurance market experienced significant challenges around 2019, when both frequency and severity of claims increased simultaneously. Ransomware events became more frequent, and the severity of these events also escalated — ransom demands skyrocketing from tens of thousands to millions of dollars.

This situation required the industry to reevaluate its approach to risk analysis, underwriting and client risk management practices. Fundamental factors such as multi-factor authentication and overall cyber hygiene became crucial considerations in assessing clients’ risk profiles. Additionally, certain types of clients were identified as more susceptible to attacks due to their attractiveness to hackers.

Alongside these challenges, the industry also grappled with the complexity of cyber risk modeling. Unlike traditional natural catastrophe modeling, cyber modeling involves anticipating the actions of malicious actors who are constantly adapting their strategies to circumvent defensive measures. This dynamic nature of cyber threats makes modeling and pricing cyber risk an ongoing challenge.

As a result of these factors, the cyber insurance market underwent a re-underwriting process, rather than a typical hard market cycle. Insurers had to adjust their underwriting practices, risk selection criteria and pricing models to account for the evolving threat landscape and the insights gained from advanced cyber risk modeling.

Moving forward, the cyber insurance market will likely continue to adapt and evolve as cyber threats become more sophisticated and the understanding of cyber risk improves. Insurers will need to remain vigilant in monitoring emerging threats, refining their risk assessment techniques and working closely with clients to promote robust cybersecurity practices. Collaboration between insurers, cybersecurity experts and policyholders will be essential in navigating the complex and ever-changing landscape of cyber risk.

R&I: That’s an interesting point — we hear a lot about modeling in the CAT space, and not so much in cyber. But as you said, a tornado doesn’t fight back, and a hacker does, so there’s an element of game theory at play there. Can you put the role of modeling in cyber underwriting into perspective, as compared to other lines of insurance?

DT: Fraud, while challenging to execute on a large scale, is another factor that distinguishes cyber from other “acts of man” coverages like directors and officers (D&O) insurance. D&O policies often have exclusions for systemic events, whereas in cyber, even unforeseen widespread events can still pose a significant problem.

Modeling is essential because insurers need to generate a return on capital, and capital allocation is primarily driven by the modeling process rather than underwriting alone. This nuance makes the current state of the cyber insurance market particularly interesting and challenging.

R&I: What factors are currently affecting capacity in the cyber insurance market?

DT: Initially, when capital loads changed, capacity decreased slightly and stricter underwriting standards were implemented. Additionally, reinsurance capacity became less available.

However, as market conditions and prices improved, and underwriters became more effective at identifying good risks, capacity has increased. This increase is not exponential, but it’s evident in both the insurance and reinsurance markets.

The availability of reinsurance capacity is crucial for insurers to transfer their risk, and its presence, along with increased insurance capacity, has led to heightened price competition. While prices have come down substantially, it’s important to note that this follows two years of significant price increases.

Current price adjustments are more of a return to an equilibrium level, rather than a traditional hard or soft market cycle. We will likely find a new equilibrium that is acceptable in the current market conditions.

R&I: What steps can insurers take to bring more stability to the cyber insurance market in terms of capacity and pricing for policyholders?

DT: While cyber insurance is a complex product, the industry tends to overcomplicate it. In reality, there are six fundamental elements to understanding cyber risk and insurance.

First, it’s crucial to understand the risk itself. Second, insurers must define what good security looks like. Third, they need to establish methods to audit and show that it’s happening. Fourth, given the dynamic nature of the cyber environment, insurers must have access to reliable threat intelligence and work proactively with clients to protect against evolving threats.

Only after addressing these four elements should insurers consider the risk transfer aspect, which involves crafting contracts and determining prices.

Sixth and finally, having a robust response and claims process is critical. As an industry, our responsibility is to demystify these elements and make them clearer and more integral to the process. Selling intangible products like cyber insurance is inherently challenging, but we can make it more tangible by helping clients understand that they’re receiving year-round support, not just assistance during worst-case scenarios.

R&I: What major trends do you see playing out in the broader insurance market, and what’s driving these trends?

DT: There are some fundamental trends that are affecting our world right now. AI and automation is a critical one, and I think that’s going to be really beneficial for our insurance and our brokers, because it should enable us to do more with the same amount of resources.

I see it as a co-intelligence moment, where we can augment the humans in the underwriting chain. Whether it’s using machine learning to help us allocate our workflows more effectively, improve our service levels, or analyze our data to better select and price risk, it’s a really exciting place.

The other obvious core issue is climate change and sustainability. Climate change has been a problem for the insurance industry for a long time, but there are hugely exciting elements of understanding that, looking at the protection gap it creates, and filling that. We’re very excited about the carbon credit space, and think it’s a really interesting element that can’t happen without insurance coming in to give greater security to the process.

It’s a key element of that energy transition moment. Unfortunately, the profit motive is going to be one of the ways we’re going to help sustainability improve itself, and I think carbon insurance is going to be a really key element of that.

R&I: Do you anticipate any pricing shifts in the upcoming months that brokers and their clients should be aware of?

DT: While there are always elements of volatility, we are seeing a path to a smooth landing in terms of pricing, particularly with our SME clients.

In the cyber market, where we had a significant price correction, prices are not necessarily coming down in double digits, but rather seeing single-digit price deceleration.

This is because we are starting to see other elements in the cyber risk landscape. While there has been a lot of focus on ransomware and first-party elements of cyber, we are observing an increasing frequency in certain third-party liability elements, such as wrongful collection.

I predict that we will not necessarily see another increase in cyber prices, as underwriters are doing a good job of pricing that risk across the market right now. However, I think we will see a flat landing path there.

P&C prices will depend on whether we see a significant windstorm period. While CFC does not have a lot of catastrophe exposure, it is an indicator of the contraction of available capital and the return on capital needed to work through that market.

Transaction liability, which includes reps and warranties and indemnities, has had some recent significant events and large claims. It will be interesting to see if that market experiences price correction and capacity contraction in the near future. Some markets are talking about elements of the transaction liability space that they probably will not be in soon.

Where we see a protection gap created, we always think about whether it is something we should do, as we see opportunity in those situations. It is very much the CFC way.

R&I: What are your thoughts on the current state of the insurance industry?

DT: We are at an amazing moment where doors crack open once in a generation in terms of the technological advancement we’re seeing, the digitization of the process, and the opportunity for machine learning. All of these lend themselves very happily towards the idea of insurance as a service.

The question is, how can we make our clients’ and customers’ experience of what we offer them significantly greater? We can improve our service levels for quicker turnaround, price more accurately across the cycle to avoid volatility, and offer an ever-greater claims experience to our customers.

As a technologically enabled organization, these are really exciting moments for CFC and for the industry. We’re thrilled about what they mean for us. &

David Agnew is an associate editor at Risk & Insurance®. He can be reached at [email protected].

More from Risk & Insurance