Panel: Captive Insurers Cautiously Venture Into Cyber Coverage
The use of captives to manage cyberrisk may be a perfect solution for Main Street businesses. See the Best's Rankings list of the Largest Published, Rated Single-Parent Captive Insurers — 2022 Edition.
- Lori Chordas
- October 2022
A panel of insurance and cyber experts said some single-parent and group captives have expanded their offerings to include cyber liability coverage, but have been conservative with the amount of risk assumed.
Panel members speaking with AM Best TV at the Vermont Captive Insurance Association conference in Burlington, Vermont, were Jack Kudale, founder and chief executive officer of Cowbell; Dennis Silvia, the executive vice president of Davies Captive Management; and Fred Eslami, an associate director at AM Best.
Following is an edited transcript of the interview.
How are captives covering cyber for their parents and members?
Eslami: We have seen that single-parent captives and group captives are relatively the most dominant captives who include cyber within themselves. Group captives usually do that because they want to have a menu that their members can pick from so they don't have to go outside the captive and shop around for cyber, for example. At the same time, these groups provide limited limits, so to speak.
“We have seen that single-parent captives and group captives are relatively the most dominant captives who include cyber within themselves.”
It's not aggressive. The type of coverage is well defined so that the members can pick from that option. For the single-parent captives—and let me emphasize on the maturity of the single-parent captives—then it's a longer process. They're the most intimate with the ERM (enterprise risk management) of the parent company.
They understand the relationship between the employees, the HR, the treasuries, and they understand what they experienced in terms of cyber losses. They're able to devise along with their captive managers and other partners to include cyber at a minimum retention or depending on what they end up providing to the parent company.
How is that coverage being designed for captives? Are the limits being offered large, or are they limited?
Silvia: You think about cyber in the sense of a marketplace that has limited capacity, generally. It's a classic captive application. The problem is that the limit of insurances being offered from the traditional market is low because cyber is confusing and difficult to underwrite coverage. We've often recommended that our clients, rather than getting full force in with large limits that are offered autonomously by the captive, should seek out the assistance of a front company who understands from the perspective of underwriting coverage limitations, policy forms, etc.
Then, get involved in some sharing with them either on taking a lower level loss so that they're involved in things like notification to people who have had their information compromised, for instance, or some quota share arrangement. I just think that to step into those waters that are very deep and you don't see the bottom, for a captive that's not experienced in those things, is dangerous.
We've taken a more conservative approach with our clients in recommending how they get involved in captives. To answer your question, lower limits typically, or some quota share with a partner that really understands the business.
Cowbell announced a cyber insurance captive, Cowbell Re, earlier this year. Can you tell us about the impetus behind that?
Kudale: As you know, Cowbell specialized in cyber insurance. We're really known for our approach to underwriting, which is really based off of continuous underwriting and the proprietary ratings factor, the Cowbell factors that we base our underwriting precision on.
It was really the underwriting results and the precision of our underwriting that really led us to get more confidence and participate in the quota share on our programs. We set up Cowbell Re at the beginning of January earlier this year. We now take just up to 10% of the quota share on pure pro programs.
What is the most appealing aspect of creating a captive that's dedicated to cyber?
Kudale: As alluded to my panelists here, cyber is a hard market and it will likely remain that for the near future. In a supply-constrained environment, when you have a risk-sharing partner, it has really allowed us to get a reinsurance panel, about 15 A-rated reinsurance on our panel. That wasn't the case prior to us participating in the risk, prior to Cowbell Re. It has been one of the most appealing parts, where we now have more participation on our programs than it was prior to Cowbell Re.
Any thoughts to share about the appealing aspect of creating captives dedicated to cyber?
Silvia: It certainly spreads the risk across this larger pool of reinsurance. It makes it a less risky proposition for the captive, who is probably the least funded of all the different entities that might be involved. It does allow them access to coverage, which, if that wasn't the case from a supply-and-demand perspective, then essentially they'd be on that risk all their own. Again, a classic captive application.
Eslami: The continuous underwriting mentioned is very important for cyber because you have to be there all the time, every time that policyholders are doing business. That's the benefit that MGAs or captives like Cowbell Re provide to the market.
Do captives remain underutilized in addressing cyberrisk, and do you see that changing anytime soon?
Silvia: They are, and mostly because people are afraid of the risk. You can build into risk management programs for things like auto liability or for workers' compensation. There are very clearly defined risk management tools that you can use. There is a feeling, though, that from a cyber perspective, you really are at the mercy of people who are not predictable, pirates, hackers, etc., so it makes it a little bit difficult.
What we're seeing is that those activities are actually not just reserved for the biggest corporations in the world. Now they're coming into Main Street businesses. These things are crippling. I've read statistics that say that a smaller business that undergoes some cyberattack often doesn't survive as a business and that they are literally destroyed as a result of it.
You've got this very powerful dynamic that says you need this coverage. Then, on the other side of it, you've got the other part that balances that says, but it may not be available or not available at a price you can afford. Captives, again, a natural place to go with it. Just need someone to take their hand and bring them into that world in a way that makes sense.
Any thoughts to share?
Kudale: There are four out of five small to medium-sized businesses that do not have cyber insurance coverage. Most of the small businesses with an average ransomware cost just under $200,000 for a very small business. It's very hard for them to reopen the business on Monday if there is a ransom attack on Friday night. This is where the entire closed-loop risk management is. It's not just about continuous underwriting, it's about also participating in risk-taking and helping those businesses improve their risks along the way, whether they're policyholders or not, is very important going forward.
Eslami: I agree with Jack and Dennis that captives are young, this whole risk is young, and it takes time and maturity for the industry to accept the risk within the captives.
Largest Published, Rated Single-Parent Captive Insurers — 2022 Edition
Captives were ranked by 2020 gross premiums written.
|Ultimate Parent Name
||Solen Versicherungen AG
||Royal Dutch Shell plc
||Jupiter Ins Ltd
||Noble Assur Co
||Royal Dutch Shell plc
||Amer Road Ins Co
||Ford Motor Company
||Kot Ins Co AG
||Vine Court Assur Incorporated
||Dorinco Reins Co
||Eni Ins Designated Activity Co
||Castle Harbour Ins Ltd
||Greenval Ins Co DAC
||BNP Paribas SA
||Agrinational Ins Co
||Archer Daniels Midland Company
||Stellar Ins, Ltd.
||Saudi Arabian Oil Company
||Spirit Ins Co
||Queen City Assur, Inc.
||Builders Reins S.A.
||ACS, Actividades de Construcción y Serv
||AES Global Ins Co
||The AES Corporation
||Toyota Motor Ins Co
||Toyota Motor Corporation
||Enel Ins N.V.
||GreenStars BNP Paribas S.A.
||BNP Paribas SA
||Harrington Sound Ins Ltd
Source: and AM Best research data as of Sept. 2, 2022.