The E-merging Risk that Keeps on E-volving: Cyber
Property/casualty insurance experts may not agree on everything but there is a consensus that the most important emerging risk for the industry remains the five-letter word: CYBER. It is not new, of course, but it stays atop emerging risk lists because of its dynamic and pervasive nature.
Insurance Journal defines emerging risks as those that are new and not yet widely recognized, or perhaps recognized but not well understood. A number of industry leaders explain why cyber remains such an important risk to watch.
Not Slowing Down
The number of data breaches and the average costs of cyber-crime are rising every year. These trends show no signs of slowing down. In fact, cyber risk is becoming more concerning as crime-as-a-service gains popularity and artificial intelligence technologies are used more frequently in attacks. Internet of Thing devices are increasing the attack surface and providing more ammo for hackers. One of the more difficult aspects about insuring cyber risk is the dynamic nature of the risk. Just a few years ago, cyber-attacks primarily involved stealing private credit card and health information from large companies. Today, cyber criminals focus on completely different tactics for making money, such as locking out users from computer systems using ransomware, or secretly hijacking computers to mine cryptocurrency. And large corporations aren’t the only targets. According to an ISO analysis, 80 percent of cyber breach victims in 2017 were small and medium-sized businesses. — Neil Spector, president, ISO, a Verisk business
Keeping Up with IoT
The biggest risks involve cyber crime. Under “emerging risks,” one of the biggest is the Internet of Things (IoT), and the cybersecurity risks created by billions of interconnected devices. The challenges for agents and brokers multiply in regard to understanding the potential implications, such as IoT devices in homes and businesses — tracking sensors, fire/flooding/intrusion warning devices and more. Agents need to be aware of the questions to ask clients to ensure they are offering complete coverages. They need to be vigilant in keeping up with the IoT devices emerging at an astonishing pace. — Robert Rusbuldt, CEO, Big “I” Independent Insurance Agents & Brokers of America.
High Severity
There are many scenarios where cyber risk comes into play, but one example is related to vehicle systems. Luxury automobiles, for example, have up to 150 or more computer programs that impact vehicle performance. Tractor trailer technology is also advancing rapidly, and just one of those systems being hacked could have catastrophic results. WSIA conducts a biennial survey of members regarding emerging issues. Cyber exposure jumped in priority this year, with members agreeing the issue has high severity in terms of current impact industrywide. — Jacqueline Schaendorf, president and CEO, Wholesale & Specialty Insurance Association
Cyber Property Damage
One definite area of emerging peril is the threat of substantial property destruction caused by intrusions into sensitive computer networks and connected hardware devices. Long gone are the days where the worst aspect of cyber vulnerabilities amounted to stolen credit card information or lost privacy. Instead, a new breed of cyber exposure is unfolding whereby energy infrastructure facilities and other industrial works have been targeted with cyber attacks causing explosions, wreckage and business interruption. Most expect these risks will soon expand to domestic infrastructure and transportation operations with the prospect of major instances of property damage and life-threatening injuries.
— Joshua Gold, shareholder attorney, Anderson Kill
Immature Market
Cyber comes with a bit of a double-edge sword. On one hand, it is a new market that is growing faster than any other for the industry. But being an immature market means more time is needed to flesh out the data to improve underwriting. Where cyber may be a more interesting market — perhaps even one that helps us peer into the future value of insurance — is how risk mitigation tools are being incorporated into the mix. We are seeing many carriers partner with technology companies in order to assess the actual vulnerabilities within the customers. This presents more stability for underwriting. Customers’ value may evolve in the future toward risk mitigation and resilience building. This would be a shift for an industry that — at least for the past several decades — has based its value on price. — Sean Kevelighan, president and CEO, Insurance Information Institute
Accumulation Risks
In a study titled “Advancing Accumulation Risk Management in Cyber Insurance,” global insurance think tank The Geneva Association focused on the danger of accumulation risks as a threat to cyber insurance. The report highlights several cyber accumulation risk challenges:
- Insurers and reinsurers could underestimate non-affirmative cyber exposure leading to an unplanned shock from a major event. Non-affirmative cyber exposure occurs when a cyber attack causes major losses by triggering coverages in other classes.
- Data are of insufficient quality, are incomplete and/or lack the necessary consistency for more advanced modeling techniques.
- Governments predominantly fail to provide frameworks for the sharing of large- scale cyber-terrorism-losses.
– Anna Maria D’Hulster, secretary general, The Geneva Association