COLORADO SPRINGS — Senior P&C executives have sounded a cautious note on the exposures of cyber insurance, questioning whether the insurance industry has a firm grasp of the risks involved or could provide adequate limits for rapidly increasing exposures.
AIG President and CEO Peter Hancock told an audience at the CIAB Insurance Leaders Forum here this week that damage from cyber attacks has proven to be much broader than imagined.
He noted that although the cyber insurance market has developed since AIG first started writing it in the 1990’s — with broader cover and higher available capacity — serious capacity constraints remained for the most vulnerable.
“For banks, for example, the market can put together somewhere in the region of $400 million of cover,” Hancock said. “They need an extra zero on the end of that number to get close to what keeps them awake at night.”
Speaking to Advisen at CIAB, Dan Riordan, CEO for Zurich Global Corporate in North America, concurred: “Corporations are looking for carriers to provide more limits and coverage,” he said.
“Limits and capacity are not enough today. Losses are increasing in scaleand now could be in the billions of dollars rather than the hundreds of millions,” he added.
Riordan noted that Zurich offers a Security & Privacy product for businesses that covers losses caused by a cyber security breach including the costs of responding to a data breach, costs suffered by others due to a breach, and direct losses to customers like business interruption loss and digital asset replacement. Currently Zurich’s Security & Privacy product does not cover property damage losses.
“You have to take a step before you can run,” he told Advisen.
Hiscox USA Chief Underwriting Officer Gary Head, questioned whether carriers understand the real risks that they assume on writing a cyber policy.
“We wrestle with whether people understand the scale of the bet they’re taking when writing cyber,” Head said. “ The market can confidently model a property risk – and know how much capital to hold against that risk. Carriers struggle more in the cyber world because they don’t know with certainty what a 1-in-200 year event looks like.”
“Both on a volume level and in terms of financial impact, a carrier must be sure it can pay its claims should an event equivalent to a Cat 5 hurricane occur,” Head added. “At Hiscox we strive to be known for great underwriting, superb service and a powerful brand. Part of that involves managing our aggregates and exposures very carefully to ensure that we can meet claims.”
Arch Insurance President and Chief Underwriting Officer at Arch Worldwide, Mike Murphy, told Advisen that the risks were not yet fully understood by anyone, whether corporates, governments or underwriters, so that cyber is not yet underwritten well. “Rather we are putting down bets without any idea of the odds,” he said.
Talking about the growth potential of the risk, however, executives recognised that cyber was a “transformative” risk that would become a core segment of the insurance industry in the future.
CNA Specialty President and COO, Mark Herman said: “There are some market-changing events that require a re-think on pricing and underwriting, rather than minor adjustments. Cyber is one of those. However, until it finds maturity, there will be continuous adjustments to how the insurance market deals with it.”
Gary Head said that in ten years time, “most commercial entities in the developed world will buy some form of cyber cover”. He predicted that cyber would be “as big as, if not bigger than”, other specialty markets including professional or executive lines.