More talk than action on using captives to cover cyber risksReprints
SCOTTSDALE, Ariz. — Although cyber attacks are being launched in almost every industry, an expert says only a small percentage of clients are placing cyber liability in their captive insurer.
“There is a lot of conversation on cyber risk,” said Peter Mullen, CEO of captive and insurance management at Aon Global Risk Consulting in Pembroke, Bermuda. “But there is not a "gold rush' of clients putting cyber into their captive.”
Mr. Mullen said of roughly 1,100 clients, about 1% put cyber risks in their captive 18 months ago, a rate that rose to 2% in a recent Aon survey.
While it's increasing, that remains a small percentage, he said during the Captive Insurance Companies Association's 2016 International Conference.
“A lot say they are considering buying it,” Mr. Mullen said of the most recent survey results on putting cyber insurance in a captive.
Trying to define a cyber risk is one of the most challenging tasks, said Michael Douglas, Philadelphia-based captive insurance director of business at Aon Risk Solutions. “We have very little data — the industry differentials are huge in cyber.”
Adequately assessing the risk and underwriting it is difficult since the risk varies from industry to industry, said Stephanie Snyder Tomlinson, Chicago-based senior vice president and national sales leader of cyber insurance at Aon Professional Risk Solutions'' financial services group.
“Cyber is a gap policy; it's addressing a lot of different areas of risk that traditional insurance does not currently make available,” she said. with increased regulation, “more companies are being required to have cyber by contract.”
“This is where a captive comes in, for the gap in coverage,” Mr. Mullen said. “We say incubate that risk in your captive. It's such a difficult risk to quantify that we don't know how to underwrite for it, we don't have a scientific way of pricing the premium.”
But Mr. Mullen also said he expects pricing and underwriting to “become more defined over the next three to five years.”
“Insurers are looking at aggregating the risk around different products and trying to figure out how they can underwrite it and ultimately charge for it,” said Alec Cramsie, technology, media and business services focus group leader at London-based Beazley Group Ltd.
About 60 insurance markets currently provide about an equal number of policy forms for cyber coverage, Ms. Tomlinson said.
“We see a great amount of variation in exclusions and triggers. It takes the keen eye of a broker that lives and breathes this so that you have a contract that does perform when it needs to perform,” she said.
The cyber market has seen hardening in some industries such as in financial institutions and retail, “but it's better to get in now than to wait because your industry could be next,” Ms. Tomlinson said.