We use cookies to improve this site and enable full functionality. You can change your cookie settings at any time using your browser. Our cookie policy.
InFocus: Cyber Risk

Insurance industry must standardize cyber risk management

Insurance industry must standardize cyber risk management

Fill in your email details for an immediate FREE download

Cyber risk is one of the newest forms of insurance coverage because its media, the Internet and computers, have only been available to the public quite recently. It is a frontier that the insurance industry has not yet fully explored, creating significant room for growth, but large amounts of uncertainty, as well.
 
In an interview with ratings agency AMBest, Jacob Rosengarten, chief enterprise risk officer of XL Catlin, said that the field of cyber insurance is still evolving, and that the language and framework is still to be standardized.
 
Clients have varying states of protocols, levels of interconnectedness, and quality of mitigants, making it difficult to come up with a concrete model of risks. Most firms still work on a scenario or case-by-case basis and have yet to lay down concrete guidelines with how to deal with situations.
 
The legal system, according to Rosengarten, still lacks standardization when dealing with cyber risk. Many courts are still not used in dealing with cyber attacks, and because the laws are quite new, the lack of jurisprudence can lead to varying interpretations of laws. Courts must also be able to define clearly what consists an act of terror, political hacking, individual crimes, and other classifications with regards to cyber security. Identification of perpetrators, whether groups in individuals, is another challenge.
 
The government also has a role to play, by protecting national security, such as protecting its cyber territory from criminals or agents from hostile nations.
 
Differentiating cyber insurance risks from traditional risks such as natural catastrophes, Rosengarten noted that natural calamities have a defined scope of effect or damage. However, cyber threats have wider reach and can affect even entire nation-states. Also, the low logistical burden for cyber criminals may give them an incentive to commit an attack.
 
Offering recommendations for the industry, Rosengarten said that if the risk cannot be measured, then it cannot be managed effectively. The lack of tools to measure risk makes it difficult, but the industry must adapt and find ways. Company directors and clients must be educated about the risks. The legal system should also be standardized. New insurance products can be developed to address new types of exposure. It is an issue of relevance for the insurance industry to keep up with changes.
 
“If [insurers] don’t solve it, some other industry will,” he said.
 

Fill in your email details for an immediate FREE download

Markel's operation in Canada, formerly known as ESR, has been in existence since 1966 and is highly respected for exceptional expertise and service. Built on a reputation of underwriting excellence and product knowledge, it partners with brokers to provide effective solutions for unique commercial liability needs. Markel Canada operates across Canada with offices in Montreal, Toronto, Calgary and Vancouver.

In October 2009, ESR was purchased by Markel International, a London based specialty property and casualty insurer and reinsurer, and a subsidiary of Markel Corporation, a US-based diverse financial holding company that trades on the New York Stock Exchange. Markel International has eight operating divisions writing business through Markel Syndicate 3000 or through Markel International Insurance Company Limited and Markel Resseguradora do Brasil S.A.

The strength and specialist expertise of Markel International further improves the ability to assist brokers in solving their customer's needs, thanks to increased proficiencies, greater capacity and a range of new products.