Industry Updates
Panel: Cyber Insurers Must Be Agile in a Market in Its Infancy

• Timothy Darragh
• November 2021
• 

The cyber insurance marketplace is still in its infancy and requires agile insurers aware of the threat environment and their customers' needs, a panel of experts said during an online presentation in September.

Models are helpful in setting direction or strategy, but they cannot precisely assess cyberrisk because the field is still young, said Sridhar Manyem, director of research and analytics, AM Best. “The static risk model is not going to be enough,” he said during the panel. The cyberthreat environment is “hugely dynamic and the risks are constantly evolving. So you need to make your models agile.”

Speakers addressed the Inside P&C North America conference panel, “Cyber: New Risk Comes of Age.”

Evan Taylor, senior vice president at NFP, said there is opportunity for companies to develop new models for cyber coverage. “I think modeling for cyber … is still in its infancy compared to other lines of coverage,” he said. “Things are getting better, but there simply isn't a ton of historical data to use from a modeling standpoint. So I think there's a lot of room for development here.”

In the same vein, Manyem said pricing cyberrisk also is “very much in its infancy still.”

Unlike other lines of insurance such as workers' compensation, where employers can measure their risk based on the number of employees, there remains “no consistent unit of exposure” for cyberrisk, he said.

Pricing is only one of the issues cyber insurers have to consider, said Elizabeth Johnson, chief underwriting officer, North America, Ascot Group. Insurers need to take a holistic view, she said. “This particular segment and product can't just be about pricing,” Johnson said. “It has to be about all the other elements that go into it—terms and conditions, risk selection, portfolio makeup and making sure that you're partnering with the right client.”

As to whether managing general agencies are finding enough capacity to cover the risk, panelists said MGAs are in challenging times. “Capacity is definitely going to be a struggle,” Taylor said.

“I think the commitment is still there,” Manyem said. “I think it's just … the frequency and severity of cyber losses probably has made them deploy capital a little bit more prudently. They're a very important point of the value chain.”

MGAs that offer extra value to their customers through prevention and incident response planning and the like will differentiate themselves from the pack, he said. “Over time, companies are going to take them up on that because it will drive premium,” he said.

Meanwhile, companies looking for coverage should expect to bear more of the cost through coinsurance and sublimits, Taylor said. “I think that's going to continue for the next several years,” he said.

Panelists also said MGAs and insurers that are willing to work with small and medium-sized companies that lack the personnel and resources for full information technology staffs will find opportunity for growth.

“We need to focus on ways to bring in new buyers,” said Erica Davis, managing director and global co-head of cyber at Guy Carpenter. “That's one way we'll see MGAs become more successful … We need to make the coverage more relevant and more accessible to those in order to develop a really robust and sustainable cyber market.”

For small and medium-sized businesses, the question is how are they going to spend their risk management dollar, Taylor added. It could be through purchasing insurance or in hiring an IT expert, he said, noting it's up to brokers to understand companies' needs and to educate them on how to best fill those needs.

It is also up to insurers to make sure they are up to the task of understanding the rapidly changing landscape, Manyem said. Insurers need to do a better job attracting talent to the industry, especially talent well versed in technology and the risks involved, he said.

The panelists also said government involvement with the industry would help grow the market. Industry leaders and government can get together to frame a more comprehensive solution, just like TRIA encouraged 20 years ago for carriers to take on more commercial risk, Manyem said.