Spotlight: Cyber - Unlocking opportunities for insurers and brokers in a shifting market

The Cyber Risk Survey 2020 conducted by Post in association with Cyberscout provides some great insight into claims activity and changes in the cyber landscape. Employers are offering more flexibility in how jobs are carried out due to the Covid-19 pandemic and companies must be aware of the heightened risks remote work could bring.

The results of the survey also point to potential opportunities in the cyber marketplace and ways insurers and brokers can raise awareness and offer new products and solutions to help customers assess and mitigate cyber risks. Ensuring small and mid-sized enterprises have the right cover in place is key as employees settle in to working from home over a longer term than originally anticipated.

In reviewing the survey’s responses, the connection between claims data and product demand is out of sync. The majority of respondents said they haven’t seen a change in the volume of cyber claims or the size of value per cyber claim. One-third of respondents said they didn’t perceive any market need from customers for personal cyber products. But have claims really remained static, and is that because they aren’t popular in the marketplace? 

Types of incident

In terms of real-world activity, incidents have actually increased. The disconnect may stem from the types of incidents that are occurring. These incidents aren’t generating claims because they’re the type of cyber events where good advice and coaching – an expert who can take people through the steps to resolve their issues free of charge – reduces the need for a claim to a large degree.

The level of complexity that exists in many of today’s incidents is also changing. There’s been significant fraudulent activity around the government benefits and incentives provided as a result of the pandemic.

Those problems are far more complex and take longer to fix than other incidents. Successfully untangling them requires a service provider at the ready that can shepherd people through the often lengthy, arduous process of resolving their fraud issue rather than just focusing on the financial reimbursement. The financial numbers may not be going up, but the service burden is increasing and it’s making that element of the product all the more important. 

Also dominant among the survey’s highlights was the lack of cyber expertise that exists within most carriers. On the commercial side, 80% of respondents cited this knowledge gap as a barrier to launching a product. Even for personal lines, 26% said they didn’t have the in-house resources to develop a product and get it to market. This is a major miss for carriers as SMEs and individuals struggle to fight back against ransomware attacks, phishing schemes and other increasingly sophisticated cyber threats.

One factor holding insurers back when it comes to creating new cyber products is the industry’s heavy reliance on past results as a predictor of future risk. By its nature, cyber is highly dynamic and its risk over time is also dynamic – past performance is not an indicator of future risk.

An example of this is a small business that suffers a cyber attack and makes a claim for it. Rather than being more likely to experience another incident down the road, the access to top-level experts (which they typically can’t afford themselves) means that SME comes out of a security event at a lower risk going forward. They probably aren’t going to experience another attack because they were able to repair the damage, identify vulnerabilities and enhance their protective measures.

Perceptions of weak demand for personal cyber products may also stop carriers from developing new solutions, causing them to miss important market opportunities. After launching several programs in the UK market for personal cyber, those carriers’ accounts have grown exponentially. Simply by adding a cyber endorsement to their personal lines book, annual gross written premium increases to the tune of £8m in just over three months are not unheard of.

Those results required a strong marketing and rollout strategy, but challenge the notion that market interest in personal cyber is tepid. In fact, it’s heating up as consumers conduct more transactions from home and companies must support remote access for employees at an unprecedented scale.

Considering today’s shifting cyber environment, looking at risks on an individual level and trying to price risks using the traditional insurance structure isn’t going to lead to good, profitable results over time. As we watch the tidal wave of ransomware crashing over the businesses that purchased standalone insurance policies, the insurers focused on that kind of risk are seeing the worst results many have ever seen. 

It is imperative that these mid-market companies look at expanding their risk portfolio into lower-risk, mass-market categories. That means doing personal lines of cyber insurance as well as cyber insurance for very small businesses. This strategy allows for evaluating and managing risk on a portfolio basis, where a product is distributed widely enough to drive sufficient premium to absorb the slightly higher risk losses that may occur. Insurers can then begin to deliver products and services on a blanket level to positively impact their overall portfolio risk, as opposed to trying to drive down risk at the individual customer level.

Inertia in the sector

This circles back around to another element behind the inertia that permeates the insurance sector. Where carriers typically prefer to keep things the same, cyber policies become less effective as they age. If the core elements of a cyber product are more than five or sometimes even just three years old, they’re no longer as relevant for the risks individuals and small businesses are facing today. It’s absolutely essential that cyber insurance products undergo regular refreshes to remain aligned with new threats. This was true before the pandemic but the current digital environment only heightens the need for ongoing enhancements.

With the survey’s results in hand and an understanding of the barriers to entry in the cyber sphere, it’s easy to see why true innovators are behind most new cyber product launches. Those insurers that are nimble and responsive are well positioned to develop solutions that meet the needs of today’s SMEs. It’s the insurance companies that want to advance their reputations and engage with people in new ways. Carriers and reinsurance brokers that can proactively address customers’ needs for a comprehensive cyber product – and that can tap into top-level expertise to make them profitable – are succeeding in a marketplace that is still evolving. They’re providing the majority of the innovation around these products, bringing in partners with experience about how to make these programs work. And that’s not just around product development, but ongoing support, promotion and rollout of those programs.

Sponsored