The cyber insurance market is booming – and it has a lot more room to grow. But only a decade ago, cyber was still a fledgling line of business, and insurance leaders were grappling with how to develop products that would protect clients from the workings of cyber criminals.
It was during this time that Tim Francis joined Travelers as a second vice president; three years later, in 2008, he took on the role of enterprise cyber lead. Francis began his insurance career at Executive Risk in 1995, where his focus was primarily in the management and professional liability arena, with a heavy emphasis on errors & omissions coverage.
“Cyber really developed out of those lines of insurance,” he says. “Since the beginning of my career, cyber has become a product that went from something that somebody might theoretically buy to a major line of business unto itself.”
While Travelers had some cyber products in its arsenal before the turn of the millennium, the insurance carrier had a lot of work to do to expand its offerings in this space. It here was a challenge that Francis and his team faced head-on.
“We had a couple of specific industries where we could provide cyber coverage, but we didn’t have a policy form or an underwriting strategy that was wholly encompassing across broader industry groups,” he says. “We developed a team, and I drew upon some relationships with people outside of the organization. That was a big challenge – to develop not only a policy form in a new line of business, but also an underwriting strategy, and getting the right framework in place that would help us fulfill the needs of our customers.”
Fast-forward to 2018, and Travelers’ investment into cyber has paid off. Huge potential remains in this space – Munich Re projects that the market will double by 2020 because of the growing popularity of connected devices and the concurrent rise in risks they bring. However, the predictions of market growth present both challenges and opportunities for insurers.
“Part of that growth is fueled by an ever-increasing awareness that our customers have of their cyber exposures, and the value and need for cyber insurance solutions to help them address those exposures,” Francis says. “The challenge that we have, and one of the parts of my job that I most enjoy, is being able to work with a team to educate customers on their exposures and provide risk management advice on how to avoid them in the first place.”
The education piece is becoming increasingly critical as more companies fall victim to hacks, breaches and ransomware. The 2018 Travelers Risk Index reveals that cyber remains the second highest risk concern among businesses overall. One in five businesses has experienced a data breach or a cyber attack – double the percentage that reported suffering a cyber incident in 2015. Yet despite the fact that 52% of the 1,200 business leaders Travelers surveyed believe a cyber attack is inevitable, half of respondents indicated that they haven’t purchased cyber insurance.
“I was actually floored that only half said they don’t buy, so I think that’s certainly a positive trend,” Francis says. “I think there is still work to be done as an industry to educate agents, brokers and ultimately customers on the value of cyber insurance. We need to let them know that it’s moved far beyond just the data breach and privacy scenarios. Cyber coverage can provide a host of other solutions and services – that’s still low-hanging fruit in terms of helping the industry grow even more.”
An unknowable future
Just as it was difficult to foresee in the early 2000s the impact that cyber events would eventually have on businesses and individuals, there’s no crystal ball to reveal what the market will look like in another decade.
“[We need] a healthy dose of understanding of what might be over the horizon, in terms of threats that we might not be aware of or might not even anticipate that, in the next year or two or five, might be impacting our customers,” Francis says. “While cyber insurance solutions change and evolve rapidly, it’s a constant challenge for insurance solutions to adapt at the same pace that cyber vulnerabilities manifest and affect our customers.”
Travelers’ strategy involves bringing together key players to ensure that the insurer is prepared for whatever might affect its customers as the threat landscape evolves.
“As we think about the value proposition that we bring to customers, it’s not just – and sometimes not even mostly – about the coverage itself,” Francis says. “It’s got to be the right coverage for that customer, but it also has to be matched up with expert claim handling capability, and we’ve got a dedicated claims team that does nothing but manage cyber claims. When there’s a cyber event, we need to deploy experts in cybersecurity to do forensic investigations in terms of what happened – was data compromised; is data being extorted; can we retrieve that data – and there’s a whole industry and network of specialists that we have access to that are critical to providing a solution to our customers.”