JLT Re and JLT Specialty are pleased to present this report on cyber risk at a time when businesses, governments and (re)insurers are confronted by escalating cyber threats.
Cyber exposures have grown considerably for companies of all sizes and domiciles in recent years, reflecting the increased frequency, scale and sophistication of attacks. Today’s risk matrix is multi-dimensional, with the impacts from attacks taking many different forms, including loss of data and software, theft of intellectual property (IP), property damage, business interruption and reputational damage to name only a few. Business costs have risen sharply as a result.
And the risks look set to escalate further due to technological developments such as the Internet of Things (IoT), the expanding use of cloud computing, smart grids, embedded medical devices, autonomous cars and the rise of intelligent machines. These innovations, whilst obviously bringing huge economic benefits for businesses, are creating new and complex cyber risks that have the potential to create cascading impacts.
Because the underlying drivers of cyber risks frequently change, companies face challenges in understanding their exposures and the type of insurance cover needed. As buyers question whether certain insurance products offer sufficient protection against the myriad of risks they face, insurers and brokers need to be able to quantify and explain these exposures as clearly as possible. Otherwise, take-up rates could be hindered and growth of the cyber (re)insurance market held back.
Whilst factors such as enhanced risk awareness and new regulations on data breach reporting requirements will support the expansion of the cyber market over the next few years, JLT believes that radical change is required if carriers are to help alleviate these constraints on demand and unlock the huge potential associated with cyber.
Specifically, addressing the issue of ‘silent’ cyber risk is crucial. The lack of clarity in standard P&C policies has led some companies to believe that they have adequate cover for cyber risks when they may not.
Conversely, (re)insurers are being held back by concerns that unquantified cyber exposures are buried in traditional policies by virtue of not being excluded, raising the prospect of unexpected losses in the event of a cyber incident. This has created a logjam in which cover is often not properly provided or understood.
This situation has now drawn regulatory attention, and changes to the way the insurance market approaches cyber risk could follow. JLT believes the (re)insurance market should support these potential changes by laying the foundations for a sustainable, long-term cyber insurance framework. This framework should facilitate innovative and comprehensive solutions to better account for the way cyber risks cut across every aspect of business today.
We see the standalone market as best placed to do this, although cyber, in some cases, must be considered a ‘peril’ to be addressed in traditional placements with the support of cyber specialists. As more premiums flow into the standalone market, carriers will be able to evaluate and price risks more accurately as good-quality claims data and sophisticated modelling tools become increasingly accessible. This, in turn, will help ensure the market is better placed to trade through future systemic losses by encouraging innovative reinsurance and insurance-linked securities (ILS) structures. Governmental support is also likely to be needed in back-stopping some of the more catastrophic loss scenarios.
Businesses and (re)insurers that react quickly will gain first-mover advantages in what could become a very different cyber market. JLT is uniquely placed to support our clients through this period of change and we look forward to working on their behalf to secure comprehensive and affordable products designed to address today’s complex cyber risk environment.
Download our report here
If you would like to receive future editions of Viewpoint reports please email specifying if you would like an email or hard copy.