The cyber insurance and reinsurance market is likely to be unsustainable if it continues on its current path, but better use of data and more informed regulation may offer a solution.
This is according to Ben Beeson, Founding Member and Head of Insurance at Arceo, a risk analytics provider for the cyber re/insurance market, who spoke to Reinsurance News about where the sector might be headed.
“The market has not grown as quickly as it should have,” Beeson explained. “The best estimates are that the size of the market is roughly $4.5 billion gross written premium today. It should be much bigger than that, if you think about the size of the risk and how it impacts everybody.”
“And yet, because it’s arguably perceived to be the biggest opportunity in the insurance industry, there’s still more capital entering the market looking for growth. And they’re not all finding it.”
Compounding the problem is a lack of premium outside of the US market, and the fact that the top five carriers control somewhere in the region of 40-50% of the market, Besson noted.
“So think about that in terms of the other 100 players trying to go after the rest of the premium there,” he continued. “That is a problem. It’s a problem because it doesn’t lead to better underwriting, to better evaluation of risk because people are chasing market share, chasing rate. We’ve got to correct that.”
Regulation will likely play a key role in curtailing this kind of behaviour, by providing incentives for the industry to fully address the cyber risks the cyber risks it is taking on.
The recent announcement from the UK’s Prudential Regulation Authority (PRA), for example, will require Lloyd’s syndicates and the wider UK re/insurance industry to more effectively manage their silent cyber risks by 2020.
“I think that’s very welcome and not before time,” said Beeson. “Silent Cyber is the biggest issue right now and regulators are going to drive it right out into the open.”
However, the belief at Arceo is that regulation needs to be combined with new technologies and data capabilities to promote a more robust and sustainable cyber market.
“The insurance market – those involved in cyber – has long complained that there’s not enough data available to accurately price and evaluate cyber risks,” Beeson explained.
“Our belief is that’s not correct– the data is there. It’s just you’ve got to get it, you’ve got to make sense of it, and then you’ve got to deliver it in a way that is usable depending on who wants to use it. The challenge is how to deliver that data in a market which still today is over-capitalised and very competitive with rates dropping.”
“By getting the right data in the right hands, the industry can help raise corporate security standards, and at the same time, make better informed underwriting decisions – meaning much greater market sustainability.”
Arceo aims to facilitate this process by acting as bridge between the re/insurance and cyber security industries, which it believes are often speaking different ‘languages’ in their approaches to understanding risk and exposures.
“The insurance industry is uniquely positioned to be able to incentivize its customers to improve their risk posture using financial levers,” Beeson noted. “You make it more difficult for the bad guys and the economics shift. Suddenly, their business model is not so lucrative, and they go elsewhere.”
Beeson concluded that the sustainability of the cyber re/insurance market’s will not be truly tested until a major ‘cyber hurricane’ occurs, which would involve a single unforeseen event causing multiple losses across carriers’ portfolios.
“That hasn’t happened yet,” he remarked. “We know it’s coming, and I think the good news is the industry is much more aware of it than a couple years ago and starting to take action.”