A.M. Best has reported that the assessment of cyber risk continues to remain a top enterprise risk management (ERM) priority for insurers and reinsurers, as InsurTech innovations have required companies to continually expand and enhance their risk management capabilities.
The report contends that, as companies try to keep up with the pace of technological change, the globalisation of capital markets, and other macro-environmental changes, it becomes necessary for them to continually refine and enhance their ERM programs.
As the re/insurance industry modernises the customer experience through the integration of new technologies, these efforts also introduce new cybersecurity risks.
A.M Best observed that re/insurers themselves are also vulnerable to these cybersecurity risks, with the threat of cyber attacks requiring companies to continually manage risks like business disruption and data theft .
Additionally, for insurers that underwrite cyber, focus on coverage limits and aggregation risks from industries is critical, and policies must carefully establish risk appetites, controls, and reinsurance.
Other cyber challenges involve the identification of risks and the appropriate implementation of mechanisms to quantify and mitigate exposures.
A.M. Best maintained that, whilst preventative measures like phishing exercises and penetration testing are effective tools in diminishing the likelihood of an attack, companies must also have well-defined action plans prepared in the event of a cyber breach.
However, the report also found that there had been meaningful improvements in areas like operational risk, model validation, cyber risk management, and stress testing.
The ratings agency claimed that life insurance risks are also a critical ERM concern, with mortality, morbidity, and longevity risks being introduced into lines of business in which products are relatively new, and in which experience has not yet fully developed.
Finally, it proposed that the U.S Health segment’s operational risk, in terms of expense ratio risk, legal and regulatory compliance issues, and the integration of M&A transactions, is more significant than property and casualty (P&C) or life insurers.
