The Black Hole
It’s one of the fastest growing product lines in the commercial insurance sector, and it’s frustrating as hell.
Welcome to the dynamic and sprawling world of cyber and all the obscurity that goes along with it.
Whether you’re one of the many brokerages or carrier companies that have already dipped your toes in or you’re still strategizing your approach, you probably need no further color. This is the first new product in the liability market in a long time, and it’s taking center stage around the insurance world.
A recent Fortune magazine article identified three kinds of companies—those that know they’ve been hacked, those that have been hacked and don’t yet know it, and those that expect to be hacked soon. It kind of hits you between the eyes.
We know this topic is a struggle. As risk management and security practices evolve, clients wonder out loud if they need cyber coverage because they have other coverages in place. You may be offering protection without really understanding what the coverage is or, better yet, without knowing what exactly triggers the coverage. Still, other clients may not fully grasp just how dramatically expensive an incident can be. And like terrorism, it’s almost impossible to model loss experience.
Cyber security refers to data, information and asset security. The problem, as we know, is that nuances of coverage descriptions, constant policy modifications and lack of policy language standardization make it difficult to keep up. Check out this month’s feature story, “Confusion Reigns,” to get a taste of the ever-changing products, names, terms, exclusions, endorsements and triggers. As one member told us recently, “Semantics is a major problem!”
What do best practices and safeguards really mean when there’s no common understanding? For example, how are you to determine the difference in value between a “data breach” and a “compromise”?
Given the important role cyber insurance can play in improving the security posture of organizations, brokers are uniquely positioned in their role as cyber-risk advisors to coordinate risk management, compliance and insurance to increase security maturity and the cyber resilience of corporations and public entities. The Council believes as brokers build their own internal understanding of their data, systems and security protocols, the expertise in protecting their clients from cyber risks will also increase.
In other words, education on the basics of information security is key, and opportunities are aplenty.
We have ramped up our focus on cyber risk to better understand what the public and private sectors face in combating increasing cyber-security threats. Earlier this year, we launched our first cyber insurance market survey. We polled a mix of member firms from across the country—regional agencies to the largest global brokerages—wholesalers and retailers alike that work with small, midsize and large businesses in varying industries. More than 30 qualitative and quantitative questions were posed to their cyber-risk advisors.
We learned business interruption and contractual liabilities top the risk concerns of most respondents’ clients and that nearly half believe the biggest challenge for brokers is the ability to offer sustainable long-term risk transfer solutions.
Obviously, the cyber insurance market doesn’t look like the traditional property or marine market. For one thing, it really only dates back to the late ’90s, and finding actuarial data to model the risk is a shot in the dark. In turn, the industry must continue to innovate and develop creative partnerships and solutions. It is good news that in addition to consumer data breach the market is now also starting to address consequential losses from cyber crime, but we’ve got a long way to go in developing capacity.
There are certainly strategies to explore to combat some of these challenges—better information sharing (with the appropriate liability protections), more uniformity in policy language, developing more risk-sharing opportunities for insureds, and providing effective education and awareness to increase buying—but it’s not that simple, and many still feel ill-equipped.
All indications on Capitol Hill point to cyber being a priority issue. Currently, there are a handful of bills on the table that include some constructive and balanced approaches. But there is much for us to keep up with in helping you educate your clients and prospects about this new breed of risk. We’re on it. Each week, we’re providing a comprehensive cyber e-newsletter, updating blog posts at cyber.ciab.com, beefing up our online compliance library and sharing legislative and regulatory analysis as it happens.
In the meantime, be on the lookout for the first of what will be a semiannual Council Cyber Insurance Market Survey this fall. The more information we have, the better equipped we’ll be to help you dig out of this black hole we know as cyber.