At the last NetDiligence cyber conference held in London, head of cyber and technology underwriting performance at AXIS Capital, James Creasy (pictured), contributed to a discussion regarding cyber warfare and exclusions. Following up on this event, Creasy spoke with Insurance Business to give his perspective on the significance of major cyber events on increasing awareness of cyber risk and the importance of educating brokers and clients in this area.
Creasy, who got his start in the insurance industry as an underwriter for W R Berkley, has seen first-hand the rapid growth within the cyber insurance industry in the last five years. When he joined Novae Group in 2015, Creasy said, he was part of a team of three. When AXIS bought Novae in 2017, the team became much larger and has continued growing substantially since then.
Now this same team consists of almost 100 people working in cyber and technology and writing from offices in Bermuda, the US, Singapore, Latin America, Canada and London. Creasy believes that this global offering, in conjunction with the team’s focus on increasing awareness of cyber risk, are key reasons for this rapid growth.
Only a few years ago, he noted, the companies that tended to be aware of cyber risk and which were buying cyber insurance tended to be large Fortune 100 companies and corporations which held high volumes of personally identifiable information.
This has evolved very quickly over the last two to three years, Creasy said, with the percentage of SMEs taking up cyber policies dramatically increasing. This uptake, he said, is somewhat reactionary and has been driven by ransomware claims and other non-targeted attacks which have hit the SME sector.
The second major development, Creasy said, has been the role of major cyber events such as NotPetya and WannaCry in increasing awareness of cyber risk. Prior to these examples, he said, industries such as manufacturing, pharmaceuticals and law tended not to consider cyber risk as a major threat as they did not believe they had data breach exposure.
“I would say cyber risk awareness is increasing in companies where, in lots of cases, their cyber security programme is still developing,” he said.
“As brokers are the people with direct access to the insured, it is incredibly important that they understand cyber risk,” Creasy said. “There are some excellent brokers in the market who have a great understanding of the cyber risk landscape. However, many brokers outside the cyber market don’t hold a deep understanding of cyber risk or the cyber insurance products and, therefore, haven’t felt particularly comfortable talking to their clients about it.”
This has long been a focus for AXIS’s cyber and technology team, he said, which seeks to train brokers about cyber risk to enable them to better explain it to their clients. Since 2016, he detailed, AXIS has run a now-GCHQ certified training course which has been delivered by its team to over 800 people across the world.
In conjunction with this, he said, AXIS also has a Cyber Centre of Excellence which is a global resource for cyber insurance solutions and innovation focused on improving the cyber risk understanding of brokers and clients through consulting services, education and mentorship.
These conversations are becoming easier to have, Creasy said, as the whole cyber insurance industry is growing so much that there are more people from both the underwriting and the broking side of the distribution network who have developed a greater understanding of these risks.
Part of this increased understanding is being led by the simplification of language around cyber insurance, he said, noting that insurance can be quite guilty of using overly complicated language.
“From a cyber perspective,” Creasy stated, “it’s important to talk to people in ways they can understand because not everybody comes from a technology background. Being able to break down some of these issues so that they are easy to comprehend is very important.”
AXIS, through things like its training and Centre of Excellence, is doing an excellent job, he said, in making cyber policies understandable across the entire spectrum of business.
“I think,” he said, “there has been a general move towards clearer and easier to understand policy language and this is a real focus for us at AXIS in the development of our cyber insurance products.”