Cyber: It’s in Everything You Do. So What Does That Mean for the Insurance Industry?
Wherever you go, whatever you do, cyber risk is always following you.
From phishing attacks sent via email and opened on your phone to someone gaining access to your network using a smart appliance in your home, cyber risk is a growing and ever present risk.
Hackers are becoming ever more sophisticated and it has many employers worrying if their company-wide cyber security trainings will ever be able to keep up.
“There is a realization that the ability of bad actors to perpetrate attacks is moving faster than the ability of companies to train their employees. This will likely be a continued area of focus,” said Chris Beck, managing director of Milliman’s cyber risk solutions group.
A panel at The Insurance Information Institute’s (Triple-I) Joint Industry Forum aimed to address the growing threat of cyber attacks and how insurers can respond.
Beck appears alongside Catherine A. Mulligan, global head of Cyber, Aon, and Paul Miskovich, global business leader, Pango Group to discuss the state of the cyber insurance industry and whether private markets will continue to have an appetite for the risk. Triple-I’s Chief Insurance Officer, Dale Porfilio moderated the conversation.
Key Takeaways from the Session
- Cyber risk is growing, with several types of bad actors, including dedicated criminals and countries, launching new attacks.
- The panelists estimated that by 2026, there will be $28 billion in cyber premiums.
- Rate increases are becoming common. Many companies saw premium increases of up to 50% this year.
- Underwriters are gaining a better understanding of cyber risk which will hopefully stabilize the market.
“There is a realization that the ability of bad actors to perpetrate attacks is moving faster than the ability of companies to train their employees. This will likely be a continued area of focus,” Beck said.
Is Cyber an Insurable Risk?
One central question the panelists kept coming back to was whether or not cyber risk is insurable in private markets or if the threat has become too great to take on.
“It’s a growing risk. We see it every day in the news,” Profilio said. “The question is how do we want to participate in it?”
All of the panelists agreed that there is a place for cyber coverage within private insurance markets. In fact, the line has done well for insurers over the past few years.
“When you look at how cyber has functioned in the market it has been profitable pretty much every year for insurers,” Miskovich said.
Reinsurers have plenty of appetite for the risk as well: “We’re seeing new reinsurers come in and say we’re thinking about dipping our toes into cyber,” Mulligan said.
So why all of the rate hikes? The panelists were in agreement that the current market is stabilizing — rather than hardening.
“The cyber market has adopted increased underwriting rigor with a willingness to decline business if cyber hygiene controls are not in place. We hope this will build increased stability in the market to support further innovation in risk management techniques, scenario development, and capacity advancement,” Mulligan said.
As underwriting gets more sophisticated, rate increases will not be as high across the board. Rather, industries with high levels of cyber risk will see larger rate hikes and those with less risk will see lower premium increases.
“Maybe somebody needs a 35% rate change, maybe somebody else only needs a five percent rate increase,” she continued. &