The stakes are extremely high for insurers when it comes to cyber risk, as losses from cyber related events and shortcomings begin to show up in diverse product lines that have not historically contemplated and priced for those scenarios.
The warning came from Ryan FitzSimmons, assistant VP, underwriting at Great American Insurance, who held up events like the Target data breach and subsequent shareholder derivative lawsuit as ushering in a new battery of questions that underwriters are using to try and understand and price these risks.
“Take for example Directors' and Officers' Liability. Only recently did D&O underwriters begin to understand the financial implications of poor network securities. How'd you like to fund both Target's data breach remediation and their shareholder settlement? Would doing a good job on the former help minimize the latter? And that's just one example,” said FitzSimmons. “Understanding how those risks and others are related, recognizing and managing the aggregation points, and at the same time helping agents and insureds to appropriately identify and minimize those risks will have major implications for insurers top and bottom lines.”
FitzSimmons was speaking about key topics to be discussed at the Optimization of Insurance Products and Policies for Cyber Risk Conference, in New York February, hosted by Global Financial Markets Intelligence.
His take is that while there is a tremendous opportunity for growth, with some predicting global cyber risk premiums to exceed US$10bn in the not too distant future, there are also a lot of opportunities to make mistakes.
From a competitive standpoint, FitzSimmons said it's obvious that if an insurer doesn't offer solutions to confront the risks related to data and privacy then its competitors certainly will. But at present, a lack of standardization in pricing models is resulting in large variations in both pricing and terms and conditions within the cyber risk insurance marketplace.
It's also making it difficult for brokers to explain to buyers what underwriters are looking for in terms or what constitutes a big risk or a small risk or even a good risk as opposed to a bad one.
“When insureds don't feel like the price they pay is reflective of their risk they don't buy insurance, it's as simple as that. Until we can standardize some of these pricing elements, we are going to struggle to sell policies to the vast majority of businesses,” he said.
But, with the industry already starting to see many markets make significant adjustments to rates, terms and conditions, and appetite, the future will likely look very different from the past.
“There will likely be a culling of the herd as some of the more recent, less committed capital exits the mono-line marketplace and, at the same time, I think it's very likely that many rider/endorsement based solutions that give on one hand and take away on the other will continue to be attached to various other product lines,” FitzSimmons said.
“The elimination of sublimits is already well underway and is likely to continue and longer term should clear the path for a more standardized approach to the way policies are organized. However, there will always be industry specific niche players with more tailored products than those offered by generalists,” he added.