Lloyd’s CEO Inga Beale has said that the cyber insurance market remains “frustratingly immature”, highlighting that partnerships are the best way to tackle the risk.
Speaking to delegates at the Organisation for Economic Cooperation and Development (OECD) conference organised in collaboration with Marsh in Paris last week, Beale said that despite huge potential, the cyber market has not developed as much as it should have in the past two decades.
“In 2016, the stand-alone cyber market reached an estimated $3.5bn in written premiums…many analysts suggest that this figure will double over the next two years, largely driven by EU regulation on Data Protection,” Beale said.
However, she added that over the past 20 years, the cyber insurance market has failed to live up to expectations.
“Evidence of the market’s immaturity can be seen in the relatively low take up of cyber insurance. Whereas many businesses have property insurance, only about 20-35 percent have specific cyber insurance in the US and Europe.”
She said this comes despite an increased awareness of the risks and the fact that public and private organisations are “ripe to attack”, citing that the 2017 Wannacry ransomware attack infected 200,000 computers across 150 countries.
She acknowledged there are a number of barriers blocking the development of the class of business, such as the often high and variable cost of premiums and the nature of the risk itself, which Beale said can be difficult to detect, evaluate and price. In some cases cyber insurance is up to six times more expensive than property insurance.
The Lloyd’s CEO said that some buyers may be confused over the types of cover available, while certain policies still don’t cover important losses, for example loss of value of intellectual property.
On the underwriting side, she said that difficulties in detecting and pricing the risk, combined with the potential for large losses is forcing some insurers to tread carefully.
Meanwhile, the fast changing cyber risk landscape puts pressure on underwriters to ensure they have products that cover new threats, which is something the market is tackling head on.
Insurers will “need to take positive and decisive action” to cope with these demands, Beale suggested, adding that the market should prioritise co-operation and engagement to better understand the exposures it faces and ultimately improve the products it provides.
“Cyber risk is so complex that we need to be working together, pooling resources and data where possible to come up with solutions that are based on the latest and best information available,” she said.
Summing up the partnership approach, Beale concluded: “The onus is not just on insurers to take action. Governments and public bodies such as the OECD can play an important role too, especially around data. Customers are looking for evidence that insurers will pay out on cyber claims before they purchase. More information on the frequency and impact of cyber-attacks and losses would help inform underwriting.”
Beale said that the market will only realise this opportunity if it invests for the future and all parties work together to “build better cyber resilience”.