Cyber risk is defined as any risk of financial loss, disruption or damage to the reputation of an organisation from some sort of failure of its information technology systems. Cyber risk is evolving and increasing as digitalisation and inter-connectivity have redefined how individuals live their everyday lives and businesses operate.
Certain factors make cyber (re)insurance unique. It is an immature product, so there is no commonly agreed set of coverage and there are inconsistencies in policy wording and approach. Penetration is currently low, especially with SMEs. It is much more than just an indemnity product, as the pre- and post- loss services are integral. Regulation (e.g. GDPR) is continually changing. And finally, the risk of accumulation (the biggest issue from a reinsurance perspective) as a potential cyber “catastrophe”, is not limited by geography, industry/sector or time.
The cyber risk landscape has evolved in the last 20 years. In 2017, the cost of ransomware attacks to the global economy was USD 5 billion (compared to USD 325 million in 2015).
Today’s digitalised world means that there now new ways for policyholders’ lives to be disrupted. Data security is truly in their focus and cybersecurity needs to be embedded in both personal and business risk frameworks. Insurers need to not only ensure that insureds’ data is safe, but also provide pre-loss (e.g. training, risk management) and post-loss value-added solutions (e.g. forensic evaluation notifications, data recovery).
Increasing cyber activity and regulation has fuelled a demand for cyber risk products. Mutual insurers need to consider the right solutions for their customers, the right partners to assist, and the right back-end risk transfer (i.e. reinsurance).
Cyber offers an opportunity for mutual insurers to innovate in order to match the huge demand for protection as exposures increase. By offering solutions which cover members’ exposures, mutuals are well positioned to build solutions that respond to the needs and coverage requirements of their policyholders. The value-added services also fit well with the mutual ethos that policyholders’ concerns are the priority of the insurer throughout the term of the policy: before, during and after a potential claim is made.
In terms of developing a cyber solution, mutuals could face a number of unique challenges due to their ownership structure and member profile:
- Product – need for a tailored-made solution for membership group
- Accumulation – homogeneity of membership (eg in the same location or the same industry), means that the accumulation potential is much greater.
- Pricing – lack of granular data and knowledge of risks presented by their membership (unlike other traditional risks, which they would have a deep understanding of due to proximity to customer/industry)
- Market – increased competition from stock companies offering cyber products as an aggressive growth strategy