"The underwriting industry is probably the most risk-averse industry there is," complained insurance manager Alison Quinlivan. A former broker, she returned to the UK after eighteen years in the USA and found the City to be pretty much the same as it was when she had left, with precious little difference to the policies or the way of doing business.
There is insufficient customer interface or focus on what the customer actually wants, she said. "The bits of a cyber policy that are missing are the ones that are most needed." She also chided insurers for doing too little to develop new types of cover, such as parametrics.
Whilst having some sympathy with these comments, Laila Kudhairi of Tokio Marine responded that parts of the market were quite prepared to take the "leap of faith" required to cover emerging risks. She did, though, point out the challenges posed by a shortage of data, capital and modelling requirements, uncertainty over GDPR and the demands of the regulators.
The panel from left to right: Adrian Ladbury, Commercial Risk Europe, Greig Anderson, Herbert Smith Freehills, Alison Quinlivan, Insurance Manager, Laila Khudairi, Tokio Marine Kiln, Grame Newman CFC Underwriting
"We really don't know what a one-in-a-hundred-year event is for cyber," she pointed out. And uncertainty will normally be reflected in higher premiums. Price, in her experience, was more likely to be a stumbling block than the insurance product itself. She did, though, acknowledge that lack of capacity was another issue.
Graeme Newman of CFC Underwriting was bullish, "We're making very big bets on certain events," he told the audience, despite very daunting numbers. The main difficulty, he said, was to define cyber, which means different things to different people.
"The cyber market has done an incredible job"
"The cyber market has done an incredible job," he said, paying out hundreds of millions and saving companies that would otherwise have gone out of business. Pointing out that data was systemically important to companies, he said that insurers were playing an important role in providing risk management advice to clients.
Greig Anderson of law firm HSF said that a significant part of cyber-risk was already covered, partly by conventional insurance. In fact, cyber need not be that complicated. Policyholders and brokers could do more to get the coverage that is already out there right. "Those policies do seem to work," he said, "but they only cover certain risks."
The panel chair, Adrian Ladbury of Commercial Risk Europe, started a discussion about whether cyber policies should be stand-alone. Whilst there was a view that they should be integrated into other types of policy, he observed that recent surveys of German and Italian risk managers found that 70% preferred the stand-alone approach.
In his closing remarks to the day, Airmic CEO John Ludlow strongly advised members to understand their intangibles assets and risks such as reputation, intellectual property and data before trying to buy coverage.