Cyber-cover is supposed to be getting better and better - so why is there so little being sold?
Just 1% of the world's cyber-risk is covered by insurance even though there are plenty of products available for those who need them.
Is this because cyber-products are no good - or would risk managers be eager to buy policies if they only knew about them? Mark Baylis reports on a recent debate at Lloyd's where this unsatisfied need for cyber-cover came under the spotlight.
Two opposing points of view came face-to-face in the Lloyd's debate, which was organised and chaired by Insurance Day. On the one hand a panel of four underwriters agreed (albeit to varying degrees) that buyers of cyber-insurance had never had it so good. Graeme Newman, chief underwriting officer at CFC Underwriting, told the audience that the market had "developed incredibly in the past twenty years," offering an "incredibly broad" range of cover. The market, said Matthew Webb of Hiscox, was "incredibly innovative".
These and other comments are a world away from the impressions gained by some risk managers. So, it was left to Airmic CEO John Ludlow speaking from the floor to act as party pooper: risk managers, he said, perceived that more and more exclusions were being applied to cyber-policies. Underwriters should get out more and speak to their customers.
John Ludlow challenged cyber-insurers about exclusions and urged greater contact with customers
The view of the panel was that, although not all insurance policies are the same, exclusions are actually getting fewer and fewer all the time as underwriters understand the risk class better. Helen Gemmell, an underwriter at Liberty Specialty Markets, said the market had evolved rapidly, though she acknowledged there were still gaps. One difficulty, she suggested, was that risk managers were sometimes unwilling to pay a realistic price for cyber-cover. Peter Armstrong of Munich Re suggested that, if anything, the market was too innovative for its own good.
This led to a brief debate about data and aggregation. Limited amounts of data and fears about the impact of exposure aggregation (especially among reinsurers) are a constraint on innovative underwriting. Nonetheless, the main problem appears to be one of poor communication. To quote Armstrong: "We need to reflect on how hard it is to buy this stuff". He called for better communication with customers. Underwriters, according to Gemmell, should ask whether customers are getting the product they need.
Insurers need to communicate better internally as well, the panel suggested. A property underwriter, say, may insert cyber-exclusions unnecessarily as a precaution because they do not really understand the risk. Yet that obstacle could be resolved quite easily if s/he were to approach a colleague who has a specialist understanding of cyber. Armstrong of Munich Re said that, where there was a higher scale of complexity (something likely to apply to Airmic members), the answer was to be found in sector-specific cyber-underwriting.
By way of conclusion, the message from the panel was that the market is becoming ever more adventurous as it gains in confidence and understanding of this type of risk. This may bring wry smiles of disbelief to some buyers, but maybe they should dig deeper to find out what their insurers really can offer instead of taking the first answer at face value. Cyber-insurance's day has yet to come.