How will the cyber insurance market develop over the coming years?
William Finley, underwriter at QBE, talks about the insurer's recent 5-star award success for its cyber insurance offering. He provides an overview of the market over the last 12-18 months, the hottest issues this year and in the coming years, and how insurers and brokers can work together.
Speaker1: [00:00:13] Hello, everyone, and welcome to the latest edition of Insurance Business TV, and a celebratory one at that, as we welcome one of our five-star cyber insurance providers. The cyber market, it seems, is one that is constantly in a state of flux. Every time you think you've overcome a threat, a new one emerges. For brokers, that leaves them having to constantly evaluate the policies they offer to their clients and putting risk mitigation high on their agendas. Choosing the right insurance partner is tough. So what separates the best from the rest? Today, I'm delighted to welcome William Finley, who is a cyber underwriter at QBE Insurance, a newly named five-star cyber insurance provider on the back of Insurance Business UK's recent broker market survey. William, huge congratulations to you and to QBE. What do you think has led to the success and what sets your policy apart?
Speaker2: [00:01:10] Yeah, thanks. So I think it probably starts with the team. We like to think that we've got a very strong underwriting team and technical team and also claims team, both in London and regionally. We've been writing cyber, easily writing cyber, for over eight years now, so we like to think we've got some experience in it. We've seen the policy work, we've developed it where necessary. The wording, we like to think, again is clear and easy to understand, allowing brokers and clients to read it and understand it. For the past few years, we've been pretty consistent in our sort of underwriting approach, both from an appetite standpoint, from different sectors we write. And that certainly helps both clients and brokers become comfortable with us as their insurer. And finally, perhaps the most important bit, I guess we really like to understand our clients and get to know them; that both helps us from an underwriting standpoint, but also allows us to tailor cover where appropriate.
Speaker1: [00:02:27] Yeah, thanks, William, I'm sure your team is going to really appreciate the shout out there as well, if we can, let's tap into your expert knowledge and give us an overview of the cyber market over the last 12 to 18 months.
Speaker2: [00:02:41] It has been a challenging period for the cyber market over the past 12 months or so, 18 months. 18 months or so ago, we saw a significant increase in both the severity and frequency of claims across the whole market, not just QBE. That was mainly concentrated around ransomware losses. Now, and for the next 12, 18 months or so, I think we're starting to see that frequency reduce. However, severity has increased. So a general trend has been that when malicious actors have been getting access to systems, they've been doing a much more thorough job on them in terms of encryption, including their backups are also encrypted, than perhaps they were a few years ago. So that severity has taken a hit. And yeah, as a result of these losses, there have had to be a number of changes across the market. So I mean, most obvious, pricing has changed pretty drastically. But also the excess that insurers are willing to have, the coverage they're willing to give, the limits they will deploy. So yes, prices have changed dramatically, but it's not just focused on pricing. Risk control, I think, is probably one of the most important aspects. If an insured is not hitting a certain standard of risk control, it may be that they become uninsurable until they have put measures in place to increase that. So key points that the market is saying is we need multifactor authentication across remote access.
Speaker2: [00:04:40] We need to ensure that the backups are being kept offline, that companies are really giving sort of education and training to their staff. So that's a very important point, and that's certainly going to continue to be the case. COVID, of course, has had an impact. I mentioned sort of remote connections. Obviously, a significant proportion of people have been and will continue to work from home. So we need to ensure that those remote connections are secure. I think COVID, if we weren't aware already, has highlighted how important technology is to a lot of businesses and how reliant we are on technology. So that's obviously impacted cyber. We haven't seen too many insurers exit the sort of cyber class of business, which is obviously good news. However, we have seen line size reduced quite dramatically. Where insurers were putting out a 10 million line size, perhaps that's reduced to five. So capacity across the market has reduced as a result. But overall, I think we've seen that the applicant is still very keen to purchase the product despite significant changes; they're fully aware of the environment in which both they and we are operating. Some have reduced their limits of indemnity purchased as a result of the changes of the pricing, or simply, they haven't been able to purchase the limit they once would, once could. Sorry. So, yeah, some pretty significant changes over the last 18 months.
Speaker1: [00:06:28] Let's look at the landscape as well, as we are now in 2022. I guess if we look back at the previous year, ransomware was seemingly the hottest topic. Do you think it's going to be the same again this year or is there a new threat emerging?
Speaker2: [00:06:42] We don't see ransomware going anywhere for the short to medium term. I think we all acknowledge that it will sort of slow down at some point, and we certainly need to be alert to the next threat. But certainly this year, we're expecting ransomware to still be the sort of trigger behind the majority of our cyber losses. What we have seen over the last 12 months is sort of supply chain risk and vulnerability; that certainly is set to continue as well. So vulnerabilities within key software that malicious actors will look to exploit so they can impact multiple businesses at once, rather than just targeting a specific business. So, yeah, we do see ransomware continuing.
Speaker1: [00:07:37] Yes, we're talking about this year, but I'm going to give you the sort of, I guess you can say, the job-interview-style question. Normally people get asked where they see themselves in the next five years, but I'm going to ask you where you see the cyber market over the next five years. How is it going to develop?
Speaker2: [00:07:51] We've seen some significant changes in 2021, and that will certainly continue into 2022. I think it's clear that the changes made last year, they were not enough to sort of reset the market. So there is still significant rate required across the market this year, and I think that will probably continue into twenty-three as well. And we talk about rates. It's important to acknowledge that it comes in various different forms. So yes, we've seen prices increase, but I think we've seen wordings remain pretty static. So it's likely that wordings will be looked at and no doubt tightened. I mean, but it's excess, I think excess and deductible will continue to be sort of a topic of discussion and no doubt increase as well. As we see the severity of losses increase, excess will follow that. I think rate adequacy is being spoken about a fair amount. When will cyber be hitting sort of rate adequacy? And I think we can be quite honest that we're still not fully aware of where rate adequacy has been. We've seen claims significantly increase, and if that continues to be the case, then rate will have to follow. So it's still a moving dynamic there. I think how we are in a better place compared to some other lines of business is the tail on cyber claims is significantly shorter compared to a professional indemnity claim, for example. So we are, as insurers, able to react faster as the portfolio is deteriorating.
Speaker2: [00:09:40] We don't have to wait four or five years to see what an underwriting year is looking like from a claims performance side of things. I mentioned sort of risk quality; that has certainly improved over the last 18 months, so insurers have mandated changes and that's sort of resulted in minimum standards for cyber insurance, that is, and it should certainly result in a lower claims frequency. So the portfolio should see that coming through. I think five years, the geopolitical landscape is very important as well. Tensions globally are likely to lead to more threat actors and ultimately cyber attacks. So that's very, very important. In terms of demand for the product, I think we've seen there is still very high demand for the product. And again, businesses realize they have cyber exposure and they want to transfer that, or a portion of that risk, to insurance. Longer term, we all want to see a more sustainable product, but from a pricing and limits perspective, we don't want to see pricing, excess changing dramatically from year to year. It's certainly not good for our clients and it's not good for insurers either. So we want to see a more sustainable product. We need to acknowledge that cyber is still young as a class of business, so as we have further data within the market, that sustainability should follow.
Speaker1: [00:11:32] And you guys as well are obviously working tremendously well with brokers, if our survey is anything to go by, but give us some insight in general as to how insurers and brokers can work together to help their customers perhaps be more resilient to these cyber threats.
Speaker2: [00:11:48] I think the number one point on this is education, education of cyber risk. Brokers, insurers can certainly work together on this. We're certainly looking to look slightly more broadly as a business and think about what do insurers want from their cyber product and how can we work with brokers to develop the product further into something which provides more than just capital and a limited indemnity? Do they want a technology product alongside the insurance, for example? So what services can insurers provide that helps insureds? And there's going to be different approaches to this. There's not a one-size-fits-all point of view, so we need to acknowledge that for the smaller sized businesses, they will need more support. And the larger businesses perhaps don't need the support in that from the technology side of things, but perhaps want more support elsewhere from an insurance angle. So certainly acknowledging that and trying to sort of understand what we can do further with brokers. I think what we have seen is that the first 48 hours of an IT security event is critical. So where we've seen insureds engage with third party vendors, i.e. forensics, legal, et cetera, when they're speaking with them prior to an incident, that certainly helps the situation when an incident were to occur. So the more insurers can do with brokers to encourage those conversations, I think the better for everyone. Businesses need to have a plan in the event of a cyber incident, and I think brokers and insurers can certainly work together with the experience that they've seen and their vendors have seen. So develop this and share experience and education really. Number one point is education.
Speaker1: [00:14:06] And getting back as well to those conversations that brokers are having and perhaps one of the most difficult ones they have on occasions is actually convincing the client that they do need this product. So do you have any tips for brokers in that regard in terms of what they can be saying to their clients to persuade them that, yes, this is really for you?
Speaker2: [00:14:24] It really comes back to knowing your clients, and when you're meeting that applicant, really trying to think about what is their cyber exposure, and that allows you to talk in more detail around what cyber insurance can provide. So it's understanding do they have a data exposure? Do they have a business interruption exposure? Once you've had that conversation, you can then bring it alive with incident scenarios. I think there's a fair amount of data in terms of claim scenarios out there now, which brings the insurance alive and sees how it supports insurers during an IT security event. So, yeah, certainly understanding their exposure and how they can transfer that to insurance goes a long way in both educating their clients, but also allowing them to see what cyber product can do for them.
Speaker1: [00:15:31] Great advice. William, thank you very much for joining us. A huge congratulations again to QBE on being named a five-star cyber insurance provider. I know the cyber market is going to be changing rapidly, so I'm sure we'll hear from you again in the near future. For all of the latest cyber news and developments, make sure you check out the dedicated cyber channel here at Insurance Business, and join us again next time for more in-depth insights from brilliant experts like William here on Insurance Business TV.