The interest in the topic of cyber risk insurance does not surprise me. After all, it has been an eventful 18 months for both the global insurance industry and industrial cybersecurity sector to say the least.
I thought it useful to put my thoughts down in writing to help reconcile and address the questions and reactions I have seen come into my email and into our sales teams. Here they are…
We’re headed somewhere, fast.
I’m sailor. At least – I can say, I like to sail. So often I find myself, in life and business, paralleling experiences to challenges faced out on the water. From the doldrums where you’re adrift hoping for a trend, to the stormy windy day when you fear your sails will tear off the mast. After the online event “Underwriting Cyber Risk for Industrials – Challenges and Opportunities,” I feel like we are sailing into a storm that is unavoidable. I am ever more certain that the challenge of cyber risk is going to transform both the insurance industry and the overarching industrial sector in drastic ways, very quickly.
Methods for cyber risk quantification don't work
Cyber risk is growing faster than both cyber security tools and financial risk mechanisms. 2021 alone, ransomware attacks doubled according to the Verizon Data Breach Investigations report. These attacks affected 37% of organizations globally according to IDC’s 2021 Ransomware Study. In all, cybercrime is expected to cost the global economy $6 trillion annually by 2021 according to CyberSecurity Ventures. And yet the Cyber Insurance: Risks and trends 2021 survey from MunichRe, found that 81% of C-level executives feel inadequately protected against cybercrime. In the end, we have a growing demand for cyber risk coverage from asset owners, but insurers and (re)insurers are unable to serve the market due the dynamic nature of the cyber risk landscape.
We (insurers) are crisis managers for a living. We know things fail...but when you ask us to take on risk that we don't completely understand - or we haven't seen before - or we haven't priced for it, that makes those conversations (policy negotiations) a little tricky - Libby Benet, JD - Global Chief Underwriting Officer of AXA XL
Cyber Insurance will grow more expensive: Since 2021 marked a year of massive losses for the Insurance Industry, cyber risk insurance is going to continue to get more expensive and underwriting scrutiny is going to get more meticulous. The traditional risk models that insurers have been using over the last two years have lead to financial losses, giving peers a degree of hesitation when creating new cyber insurance instruments to address this growing market. The demand for cyber insurance is going to grow, yet the supply will remain relatively low.
New technology to quantify cyber risk exposure will be driven by underwriters: Insurers will demand more visibility into the cyber risk posture of the companies seeking cyber risk coverage. Traditional questionnaire mechanisms or MSSP audits will not suffice. Insurers will need to get inside of these companies and understand their cyber risk exposure on a more granular level.
Both asset owners and underwriters need a common source of truth: Cyber risk stakeholders managing industrial systems and CI, as well as underwriters that back them, are going to have to join hands quickly to navigate this cyber risk storm together. Companies like DeNexus are going to play an increasingly important role in helping both underwriters, cybersecurity vendors and end-users find a single-source of truth when in comes to cyber risk exposure and financial capacity.