What Can Brokers Do About Silent Cyber Risk?
Silent Cyber Risk: Insurance Challenges
You’ve probably heard folks in the industry talking about Silent Cyber risk. You even might have an idea about what silent cyber risk is, and understand how it might impact your clients.
The persistence of the issue over nearly a decade is attributed to complex issues that are high in the insurance value chain. So what can a broker, on the front lines of the issue, do to find solutions for their clients?
Before we answer, let’s look at why solutions have been hard to come by.
You’d be forgiven for thinking, upon surveying the options for cyber coverage, why don’t insurers simply add it to the form and underwrite the risk!? It’s a valid question. The industry has already coined a term of art for this avenue: “affirmative cyber.” While underwriting the risk is the most logical response, there are at least three problems for large incumbent insurers.
#1 Not All Commercial Insurers Underwrite Cyber Insurance
First, not all commercial insurers underwrite cyber insurance directly. They may not offer a stand-alone cyber insurance policy or know how to underwrite the risk. There’s a simple lack of expertise standing in the way.
#2 Multiple Policies & Endorsements Are Often Required
Second, even if a carrier offers a standalone policy, offering affirmative cyber as part of a Property policy requires writing endorsements or mini-policies attached to the larger policy. This requires legal and regulatory scrutiny and adds a significant new source of complexity to policies that have been carefully honed over decades. If your competitors are staying silent on cyber and the sky hasn’t fallen, all of that complexity and expense seem daunting.
#3 Bringing Cyber Solutions to Market Is a Large Endeavor
Third, bringing these solutions to market will be a huge endeavor for P&C insurers because of the manner in which they organize themselves. P&C insurers build towers of authority and business acumen based on the types of insurance policy — departments for Property Insurance, Products Liability Insurance, and so on. Each of these units has their own slice of cyber risk that overlap with their historical perils, and each requires something a bit different from cyber underwriting. But none of these incumbent product lines is staffed with cyber underwriters. The ability of these insurers to cross-institutionalize their know-how will be a huge test.
Cyber Underwriting Is Different, Plain and Simple
Aside from structural issues, there is also friction that will be caused by the new cyber underwriting process. Full cyber policies require the completion of lengthy applications and reviews that will need to be done many, many times over at these insurers. “Skinny” Cyber endorsements have smaller premiums and require only a subset of knowledge of the overall Cyber risk landscape.
One way to solve this challenge is the automation of the quoting process, starting with smaller accounts. At Corvus that is for accounts up to $300MM in revenue. We expect to continue to increase this functionality as our Data Science team continues to find ways to use techniques like machine learning, a type of artificial intelligence (AI), to process more data around Cyber breaches and Corvus scores.
What Can Brokers Do?
For all of the reasons stated above, brokers can’t rely on the incumbent carriers to solve the issue for their clients. Brokers need to look elsewhere in the insurance ecosystem for creative solutions.
Brokers can take advantage of the data from companies like Corvus and other third parties that sell similar information. Each of us in this sector aspires to provide the most value to brokers and their customers. By informing their clients about the extent of their cyber risk, and the limitations of their current P&C policies in protecting them, brokers can gain their trust to pull together solutions that include standalone cyber policies that add value with digital tools as well as novel combinations of cyber policies with specialty lines like Property, Cargo or Tech E&O.
It’s not as elegant as delivering a single set of P&C policies that cover cyber perils from their longtime insurer, but in Corvus’s experience as an MGA, clients appreciate the forward-looking and creative solutions brokers can deliver by looking outside the normal channels. Once clients see the need, they are open to trying new things.
So brokers: dig in and choose your digital weapons. Don’t let Silence win out!
To Learn More About Silent Cyber, Check Out Our Whitepaper. Click Here to Download.
The rise of remote work and growing concerns over ransomware acted as partners-in-crime to get organizations to hone in on risk mitigation efforts over the past couple years. Through compiling our Risk Insights Index, we found that with certain initiatives — safer or reduced usage of RDP, growing use of email security tools, and other measures taken to limit the impact of threat actors — businesses are more prepared than a year before and ready to play defense. Those efforts are borne out in our finding that the rate of companies who pay a ransom when attacked with ransomware fell by half within a year.
The whisperings of “firming rates” start first, quietly in business meetings, then published in industry reports. Soon to follow, rumblings of a “hard market” are brought to the conversation. It’s cyclical in nature, and we see it across all insurance lines at one point or another. For years, Cyber Insurance stretched far and wide with “soft” market conditions, remaining highly profitable. Now that period of growth, with exceedingly available coverage and inviting terms, has stalled in the face of a hard market.