IB Talk

Narrator 1 [00:00:05] Welcome to IB Talk, the leading podcast for the insurance industry across the UK and Ireland brought to you by Insurance Business. 

Mia Wallace [00:00:22] Hello, and welcome to the latest edition of IB Talk the insurance industry podcast brought to you by Insurance Business. My name is Mia Wallace, Senior Editor of Insurance at Insurance Business. And today we're going to be digging into the myriad of ways cyber risk has evolved in recent years. And who better to lead that conversation. And Chris McMurray, a Cyber Insurance Specialist and Managing Director of Cyber and Travelers Europe. It's great to have you here and to anchor our conversation, it'd be lovely to find out a little bit about how you've seen the cyber insurance landscape shift since you started your career in insurance. 

Chris McMurray [00:00:58] I think it's probably unrecognizable, both in terms of coverage, the underwriting process. So even though we unlisted the product, the product started off in the US or something that covered online media or a loss and data processing, and a typical excluded first party coverage. Now within the market, you have our last lecture and the policies from make to a market. They cannot both first and third party exposures, provide them both pre loss and crucially post breach response and exposure rate through your supply chain. And I think how underwriters underwrite cyber and trade that business has moved on quite significantly. So in the past issues, were just finalizing a proposal form provided by the client, and they would base that on the rate and solely on that information. Now, many insurers including ourselves at Travelers use third party tools that gain additional insight into that security landscape offered insured. And that not only allows underwriters to make better informed underwriting decisions, but also please a consultancy type role to clients. And it makes them aware of gaps in the cybersecurity that they may not be aware of, I think the other change that I've seen, it's probably been their willingness as a whole. So the product in the LED, I think was perceived has been something that was just for large organizations, and works I think there's still quite a bit of work to do. And I think there's a better understanding, though, that businesses of all shapes and sizes have a cyber risk exposure. And the cyber insurance can be a key risk management control to reduce that risk. 

Mia Wallace [00:02:23] And with that, what sounds like a rapid and significant evolution in mind, can you offer a breakdown of the cyber risk that you see facing UK businesses today? What are the main threats and who are the main targets? 

Chris McMurray [00:02:37] So the first thing to see is a cyber doesn't make a nice geographical boundaries. So the exposures facing UK businesses are the same that businesses are freezing globally. That's where remains a high level threat, and indications are that the number of ransomware related incidents has continued to increase at a pace in the last year. I don't think that's something that's likely to slow down, and companies from SME level right to through to large multinationals and all in scope for today. And addition, we are seeing an increased amount of business email compromise, phishing attacks are developed a very sophisticated level, from the LEDs without email or spelling mistakes are a little obvious tells me to be easier to spot your firms and professional services space in the financial services sector. In particular, at the moment that seemed to be seeing a lot of activity. I think it's why it's imperative that companies have an ongoing training program to help that employees identify something that doesn't look or feel quite right. And don't allow the threat too and addition, a data breach leading to a loss of data or the threat to leak data remains a major concern due to the cost of not just removing the slate from your network, but also potential regulatory punishment. And of course, any reputational damage that comes along with that, too.  

Mia Wallace [00:03:48] It's interesting to see the evolution of the cyber threat landscape. And obviously cyber insurance is a critical tool in the toolkit of fighting cyber risk. And where does cyber insurance uptake currently sits among UK businesses today? 

Chris McMurray [00:04:02] Adjacently, the teacup within business is still fairly raw and well various numbers are out there, I think commonly you'll see our own 10 12% teacup seems to be a reasonably consistent estimate. So that means of course, there's a lot of companies out there without protection, and what the threat continuing to increase in terms of volume of attacks and sophistication of those. That's a concern that many businesses are not prepared till the breach occur. And the sad reality is, if you haven't already suffered a breach, then it's likely you will have one at some point. And then a lot of businesses are just not prepared for that, particularly if they don't have a cyber insurance policy in place and all the benefits that come along with that. 

Mia Wallace [00:04:39] With that protection gap in mind from conversations with your broker partners. What do you think is holding back UK businesses from purchasing cyber insurance coverage?  

Chris McMurray [00:04:49] I think I think this is multi layered. So the cyber war over the last two or three years was a hot market cycle. So that means there was reduced capacity in the market. The cost of what was available was high And the coverage itself was more restricted than it would be in a more regular or a soft market cycle. The good news from an assured perspective right now is the market conditions have changed. And there's definitely more capacity in the market than probably there's ever been, that resulted in places coming down. At the same time coverage has advanced along with it. And I think on top of this, whilst to the still lack of understanding that these businesses face, I think this has continued to reduce a little bit, but as a major deal we know that is what to do. And I look at the SME segment in particular. And I think that's potentially still a false perception that cyber risk will only apply to large businesses. And that's because that's what they see in the place. So I think there's an education piece that the market has to play within that. The other point, I would probably argue it has an impact as economic environment. You know, cyber doesn't exist in a silo, you're globally working through some choppy waters at the moment, we're fresh out a global pandemic, that is life, many businesses of various sectors feeling the pinch somewhat, and the thought of they'd have to pay more to add another insurance product to their or that existing portfolio, that's probably going to sting a bit. So I think the flip side of that, though, is should be suffered a cyber breach, the cost of that to the business is likely to be far higher than any potential cyber insurance premium that they may pay.  

Mia Wallace [00:06:16] And I think it's an excellent point. And it is such an interconnected risk environment that we have at the moment. But of course, as the agent of the insured, it's brokers who are tasked with educating policyholders. So what do you think is holding back some insurance brokers from having conversations about cyber? 

Chris McMurray [00:06:33] I think this overzealous market as a collective still needs to do a better job in education for both brokers and clients on what the exposure is and how the product actually responds to that risk thing that still obviously can own cyber insurance that, you know, could be cleared up fairly easily. I think in the UK, I think particularly regionally. There's work to be done on this piece, you know, London market, you have dedicated cyber brokers who are able to understand in depth, the exposures, the coverage options out there, and they can do a good job of relay that back to their clients. Regional brokers tend to be more general and how they operate. So they have to deal with PI, DNO claim, for example, in addition to cyber and it's unreasonable probably to expect them to have that same level of cyber product and market knowledge. And that, in turn may make them more reluctant to have those conversations with clients. And that's a big hurdle. The cyber insurance market needs to be able to assess them to actually over to displayed the teacup when it comes to the product itself. 

Mia Wallace [00:07:32]As you mentioned, that is a significant hurdle to overcome. So how was travelers working to support its broker partners in having better conversations about cyber risk and how cyber insurance can support policyholders?  

Chris McMurray [00:07:45] Well, there's many areas we looked at. So we recently launched an online broker education module. So that's asked the broker a host of questions and gives them a score based on the answers on the current cyber knowledge they based on the areas they have for improvement, there's content that you can access to further educate themselves. In addition, the cyber team worked closely with a marketing team to produce documents such as our broker sales back, that concludes our coverage overview industry specific exposures to look for and claims examples and how we've managed them through our first class incident response. In addition, we have run various virtual and in person training sessions with the cyber team on our broker partners to help them have more informed conversations with clients.  

Mia Wallace [00:08:28] It sounds like you and your team are doing a lot of great work to really educate the markets. And for brokers who are looking to find out a bit more about that work. What's the best way to get in touch with you? 

Chris McMurray [00:08:37] You can contact us via email, at [email protected] or via our personal email addresses. We're also available on our cyber hotline at 02032076530 or via our personal numbers. Or you can find out more information at the Travelers Cyber website which is just www.travelers.co.uk/products/cyber-insurance.  

Mia Wallace [00:09:04] Fantastic. Well, I would strongly encourage any broker looking to find out more about cyber risk and how to protect their clients to access the expertise of you and your team. And thank you so much, Chris, for finding the time to speak with me today.  

Chris McMurray [00:09:18] Good to chat to you again. Thanks very much.  

Mia Wallace [00:09:20] It's an absolute pleasure. And thank you also to everybody for tuning in. And I look forward to welcome you next time here on IB Talk. 

Narrator 2 [00:09:29] Thank you for listening to this episode of IBUK Talk. You can listen to the latest episodes on Apple, Spotify, Amazon and all major listening channels. Just search for IB talk