Cyber-insurance market still struggling to meet demand

The cyber-insurance market has come to a crossroad, according to speakers at a recent event in London.

Industry experts at the Advisen Cyber Risk Insights Conference addressed whether cyber-insurance meets the needs of organisations and how potential property damage arising out of cyber-events should be covered.

Speakers tried to manage expectations, and especially the idea that the cyber-insurance market might be capable of responding to any loss event connected to hacking, cyber-crime, or system failure. The result would be an “unwieldy product,” said Stephen Wares, cyber risk practice leader for Marsh’s European, Middle East, and Africa office. Several speakers indicated that aggregation issues would overwhelm the market’s capacity.

“The way we’re feeling our way through, it’s a hatchet walk through a twisted forest, with people figuring out the best way to go,” said Michael Schmitt, vice president and senior underwriter for cyber and technology at Swiss Re.

Finding the right home

The term “cyber” doesn’t help matters, said Graeme Newman of CFC Underwriting, for an industry founded on the historical basis of protecting tangible assets. “If an oil rig blows up, it’s a property event. I don’t care if it’s the result of a hacking event,” said Newman, adding that no insurer would ever offer a full cyber-policy covering any loss arising out of a cyber-related peril. “The property market will realize that the cyber-market is taking all this premium for a very small risk.”

However, while the cyber market – a world focused on third-party liability for data breaches – is ill- equipped to handle physical damage risks, so is the property market, according to Matthew Hogg, underwriting manager, strategic assets, at Liberty Specialty Markets. The result is two markets at a bit of an impasse.

“The cyber-market doesn’t understand EML, PML, that’s generally not their speak. And industrial control systems are not really their field,” said Hogg, during a panel on cyber and property damage. Instead, the cyber-market offers an understanding of systemic risk, technological advances, and good relationships with third-party forensic firms.

“The cyber-market brings a lot, but it doesn’t do everything,” said Hogg.

Russell Kennedy, divisional director of political risk at Brit Insurance, commented that the property market should only cover cyber if they are capable of understanding the risk and what would trigger a cyber-related property loss.

“At this moment, they are not in the right place to offer it,” he said, predicting that a standalone policy would be a likely solution for cyber-related physical damage.

Andreas Schlayer, senior underwriter at Munich Re, agreed that property insurers should not be writing a risk they do not understand. “It’s the same fire risk, completely different exposure,” he said.