Cyber risk – it’s not personalised enough says risk manager

Pundits point out that the insurance sector does not take enough risks to provide relevant products

Cyber risk – it’s not personalised enough says risk manager


By Allie Sanchez

It has become an accepted fact in the insurance sector that cyber risk is still largely terra incognito, with risk elements and profiles emerging only as technology, and its attendant dangers evolve.

Soubhagya Parija, chief risk officer at the utility New York Power Authority, said of insurance firms who offer such coverage: “Their assumption was that cyber risk was just one monolithic exposure attributable to all companies, which is not true.”

A CFO report said that the “industry is mired in ‘commoditization’—a tendency for insurers to package coverage before they have listened to clients about their particular needs.”

Andrew Bent, Sage risk manager for the Americas, observed in the report, “Commoditization does have the potential to slow innovation.” Still, he said “a commodity isn’t necessarily bad.”   

Bent’s company is a provider of accounting and payroll software.

He added that “the key to commoditization is not being so narrow you can’t write a meaningful policy. But there has to be a basis on which to write a policy.”

“One of the criticisms that the insurance industry has sometimes received is that it’s too eager to commoditize a risk before it’s totally understood,” Ben Beeson, Lockton cyber risk practice leader also stressed.

Want the latest insurance industry news first? Sign up for our completely free newsletter service now.

Similarly, Erick Dobkin, risk manager of Merck, said that there is a gap between the nature of cyber risk and the industry’s capacity to help customers manage it. He said that the risk “is evolving dynamically and the industry is very deliberative.”  

The publication also explained that there needs to be a deeper understanding of cyber risk on both sides of the insurance fence. According to the report, both insurance providers and risk managers need a better grasp of “interlocking” coverages which are needed to protect organizations from cyber risk.

To illustrate, the report pointed out that a certain organization might need professional indemnity insurance, legal liability to cover its software requirements, crime coverage as protection against illegal activity engineered through a company’s systems, and coverage for a company’s infrastructure for damage that may result from hacking.

“Insurers really need to think of the program from their client’s perspective. It’s not always a matter of what’s in the market and available to buy. It’s ‘what are the needs of the client?’” Parija concluded. 

Related stories:
Ransomware: The good and the bad for cyber insurers
How to take your program business to the next level

Keep up with the latest news and events

Join our mailing list, it’s free!