Cyber Insurance Is Unsustainable On Its Current Path

The cyber insurance and reinsurance market is currently unsustainable if it continues on its current course, but better use of data and more informed regulation may offer a solution. 

This is according to Ben Beeson, Founding Member and Head of Insurance at Arceo, a risk analytics provider for the cyber re/insurance market, who spoke about where the sector might be headed.

Speaking to industry journal ReInsurance News  Beeson explained “The market has not grown as quickly as it should have,”“The best estimates are that the size of the market is roughly $4.5 billion gross written premium today. It should be much bigger than that, if you think about the size of the risk and how it impacts everybody ... and yet, because it’s arguably perceived to be the biggest opportunity in the insurance industry, there’s still more capital entering the market looking for growth. And they’re not all finding it.”

Compounding the problem is a lack of premium outside of the US market, and the fact that the top five carriers control somewhere in the region of 40-50% of the market, Besson noted.

“So think about that in terms of the other 100 players trying to go after the rest of the premium there,” he continued. “That is a problem. It’s a problem because it doesn’t lead to better underwriting, to better evaluation of risk because people are chasing market share, chasing rate. We’ve got to correct that.”

Regulation will likely play a key role in curtailing this kind of behaviour, by providing incentives for the industry to fully address the cyber risks the cyber risks it is taking on. The recent announcement from the UK’s Prudential Regulation Authority (PRA), for example, will require Lloyd’s syndicates and the wider UK re/insurance industry to more effectively manage their silent cyber risks by 2020.

“I think that’s very welcome and not before time,” said Beeson. “Silent Cyber is the biggest issue right now and regulators are going to drive it right out into the open.”

However, the belief at Arceo is that regulation needs to be combined with new technologies and data capabilities to promote a more robust and sustainable cyber market.

“The insurance market, those involved in cyber, has long complained that there’s not enough data available to accurately price and evaluate cyber risks... Our belief is that’s not correct, the data is there. It’s just you’ve got to get it, you’ve got to make sense of it, and then you’ve got to deliver it in a way that is usable depending on who wants to use it. The challenge is how to deliver that data in a market which still today is over-capitalised and very competitive with rates dropping.” Beeson explained.

“By getting the right data in the right hands, the industry can help raise corporate security standards, and at the same time, make better informed underwriting decisions, meaning much greater market sustainability.”

Arceo aims to facilitate this process by acting as bridge between the re/insurance and cyber security industries, which it believes are often speaking different ‘languages’ in their approaches to understanding risk and exposures.

Beeson concluded that the sustainability of the cyber re/insurance market’s will not be truly tested until a major ‘cyber hurricane’ occurs, which would involve a single unforeseen event causing multiple losses across carriers’ portfolios.

Reinsurance

You Might Also Read:

Wanted: Clarity About Cyber Insurance Cover:

 

« The WannaCry Hangover
Only 31% Of Employees Get Annual Cyber Security Training »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Orolia

Orolia

Orolia are experts in deploying high precision GPS time through network infrastructure to synchronize critical operations.

Homeland Security Investigations (HSI)

Homeland Security Investigations (HSI)

Homeland Security Investigations (HSI) is a premier federal law enforcement agency within the Department of Homeland Security (DHS).

FDM Group

FDM Group

FDM Group is an international Professional services company with a focus on IT. Services offered include Software Testing, and Information Security with a focus on operational security and compliance.

Steptoe & Johnson

Steptoe & Johnson

Steptoe is an international law firm with offices in the USA, Europe and China. Practice areas include Cybersecurity, Privacy & National Security.

QuintessenceLabs

QuintessenceLabs

QuintessenceLabs offers a suite of Data Security technology, products and solutions to secure digital information in-transit, at-rest or in-use.

Romanian Association for Electronic Industry & Software (ARIES)

Romanian Association for Electronic Industry & Software (ARIES)

ARIES is the Romanian Association for Electronic Industry and Software, the biggest and most influental organization created for the IT&C industry in Romania.

AllegisCyber Capital

AllegisCyber Capital

AllegisCyber is an investment company with a focus on seed and early stage investing in cybersecurity and its applications in emerging technology markets.

Bavarian IT Security Cluster

Bavarian IT Security Cluster

The Bavarian IT Security Cluster works to build regional IT security competencies and increase the competitiveness and market opportunities of its member companies.

Omnipotech

Omnipotech

Omnipotech is a complete managed service provider. From desktop to datacenter, all the technology support you need, under one umbrella.

Motorola Solutions

Motorola Solutions

Motorola Solutions build mission-critical services, software, video and analytics, backed by secure, resilient land mobile radio communications.

Alcon Maddox

Alcon Maddox

Alcon Maddox is a niche recruitment and executive search firm specialised in sourcing exceptional Cyber Security sales and commercial leadership talent. Serving clients across the Middle East & Europe

Flatt Security

Flatt Security

Flatt Security is a cyber security startup based in Japan providing security assessments and other cyber security services.

Saporo

Saporo

Saporo helps organizations increase their cyber-resistance. Continuously map your attack surface and get the recommendations you need to make your organization more resistant to attacks.

Quantum Star Technologies

Quantum Star Technologies

Quantum Star Technologies has developed Starpoint to be a next-next-generation solution to cyber security threats. Our mission is to secure the online world through our patented technology.

Airiam

Airiam

Airiam provides cybersecurity, managed IT, consulting, incident response, and digital transformation services so you can focus on what matters most.

CyberSG TIG Centre

CyberSG TIG Centre

CyberSG TIG Centre aims to propel Singapore as the world’s premier cybersecurity innovation hub for economic growth.