Experts Urge Empathy, Thoughtfulness for Insurers in Challenging Cyber Landscape
While the continuously evolving cyber threat landscape is a growing problem for insurers, experts say it’s not an insurmountable one, and empathy and thoughtfulness will be key as insurers seek to tackle it.
“The part that sometimes is a little bit frustrating for me is seeing when insurance companies are sort of throwing up their hands and saying, because it’s a difficult problem, it’s an impossible problem,” said Madhu Tadikonda, CEO of Corvus Insurance. “I don’t think that really has much empathy for our commercial clients and policyholders.”
Tadikonda’s comments come after Zurich CEO Mario Greco said in a December 2022 interview in the Financial Times that he believes cyber threats are in danger of becoming uninsurable.
In a widely reported quote from the interview, he said he believes the growing sophistication and scale of cyberattacks is putting them at risk of becoming uninsurable and questioned what the consequences would be if a cyber criminal takes control of vital parts of U.S. infrastructure.
In a recent episode of The Insuring Cyber Podcast, he said, “first off, there must be a perception that this is not just data … this is about civilization. These people can severely disrupt our lives.”
A representative from Zurich wasn’t available to comment at the time of this podcast, but Greco’s comments come amid growing concern about the cyber threat landscape and the pressure it’s putting on insurers.
The cyber insurance sector has been tested recently with growing ransomware attacks and rising premiums. However, a 2022 Cyber Insurance Market Trends report from Panaseer found that isn’t necessarily scaring insurers away.
“Despite the considerable pressures, our research shows it’s not enough to make insurers exit the market,” the report said, finding that even if the current rate of cyberattacks remains the same, 84% of respondents said they’d continue to offer cyber insurance over the next three years.
This sentiment was echoed by experts on this podcast episode, who added that helping customers navigate a challenging cyber landscape should be insurers’ first concern.
“Whether we think it’s insurable or difficult or whatnot, it is a very real risk that our customers are worried about,” Tadikonda said. “They talk about cyberattacks in their boardrooms. The CEOs of companies get very tough questions about how they’re weighing investments in software and services and how their insurance works together in a risk management solution … I think that would be a real miss if we didn’t respond to something our customers really care about and are worried about, especially given that these are the ways insurance companies are trained and built to think about things.”
Tim Francis, enterprise cyber lead at Travelers, agreed, adding that the insurance industry is armed with a lot more data and knowledge about cyber now than it has had in the past.
“I think that over the last couple of years, we’ve actually learned a lot,” he said. “So, cyber certainly is a challenging space. It’s going to be a challenging space and if there was anyone that thought otherwise, that would be the wrong thought process to bring to this. But I think done with thought, done with care, certainly cyber is a space that that can be managed.”
He went on to say that he not only believes cyber is a risk that can be managed by insurers, but that it’s incumbent upon the insurance industry to do so as technology continues to advance.
“The reality is that we’ve got customers that use technology and use data and are going to continue to use technology and data in all sorts of new and innovative ways over the next several years and in the future,” he said. “I think it’s incumbent upon our industry to help them understand their risks, their exposures, and to create insurance products that can help transfer some of that risk. Not without concern, but thoughtfully. I think that there’s certainly a way that can be done.”
Tadikonda said one of the ways insurers can do this is by harnessing data and sharing that knowledge to educate policyholders about their cybersecurity.
“We’ve got a very rich database of incidents and claims and how that links back to what policyholders or customers looked like before an attack,” he said. “And we have real valuable advice and information for policyholders about which of the investments they can make, which ones reduce frequency and severity, and which ones make them most resilient.”
The challenge, of course, is that the threats are changing all the time.
“Certainly in cyber, what happened in the past, while informative, helpful, useful for sure, is sometimes less predictive for cyber than maybe looking back at that data would be in other lines,” Francis said.
However, Tadikonda said insurers will simply need to adapt to a faster paced environment, relying on not only data, but early predictions and a little bit of intuition, to stay ahead. “If you waited two years for things to appear in the actuarial tables, it might be too late,” he said. “So sometimes, you have to base things on cybersecurity data, good intuition, early results of things, seeing what emerging attacks are, even if there aren’t necessarily insurance claims on the web.”
Francis said that as the cyber insurance industry evolves, he’s noticing a market shift as many carriers who stepped back from the risk initially are now more confident in the space since they have a better handle on it.
“I think this is actually a great time to be a buyer of cyber insurance,” he said. “I think when the ransomware trend was at its worst, a lot of carriers battened down the hatches and said ‘We’re going to require a higher standard of cybersecurity with our customers.'”
This meant customers who didn’t have robust cybersecurity measures in place could have difficulty finding coverage or could be paying significant prices, he said. “That was just the nature of the risk,” he said. “I think carriers have kind of come out of that frenzy, and what we’re now seeing is not less underwriting standards, but the ability to have those customers that maybe don’t have ideal standards be able to connect with risk professionals that can help them.”