A panel of industry experts highlight why London is the natural “hub” for cyber insurance provision and what the market needs to do to lead from the front in this product line

The London Market needs to develop better data sharing practices as well as minimum standards for cyber security if it is to excel and lead the global insurance industry in cyber insurance provision.

This was the key takeaway from a joint report published by municipal governing body the City of London Corporation and professional services firm Accenture, titled The Future of Cyber Insurance – Next Steps for the London Market.

Speaking at an online launch event on Friday 11 December, Max Richter, a managing director in Accenture’s insurance practice, who leads on cyber insurance, said that the London Market has a “huge role to play” in the future of cyber insurance.

However, in order to make this ambition a reality, the sector has “tangible” tasks to undertake first, such as implementing better data sharing across the industry and in creating minimum standards for cyber security.

“We need to start the conversation around what are the tangible things and the initiatives that we can be working on in order to build on the existing position and realise the potential,” he said.

“Within the report, we start to talk about two specific initiative areas that we can start the work on now and those two are around data and standards.

“On data, we have an example here within the UK around how we can successfully share data across insurers to a common purpose and that is the Insurance Fraud Bureau.

“Now, it’s a different part of the market, it deals with insurance fraud primarily on the motor side, but also a little bit of property and liability, but we have shown how we can convene a central UK body that takes in data sharing from all the major general insurers around the topic of fraud and then uses that to inform both how we do risk selection but also inform how we go after some of these criminals.

“If you take this parallel to the cyber insurance market, I think there is absolutely the potential to share the data and to inform risk selection and to be able to better protect clients. It might be more of a challenge to go after the perpetrators due to the global nature of [cyber crime] but nevertheless I think there is huge value in an initiative like that.”

Richter added that the insurance sector will need government support in order to establish data sharing practices, as businesses need to be confident that the information being shared is also going to be secure.

Increased demand

The report’s focus on cyber insurance, as well as London’s starring role in this sector, stems from a number of recent trends within the broader insurance market.

One driver is undoubtedly the Covid-19 pandemic – an increased reliance on digital methods and technology while social distancing has been in effect has meant an uptick in new types of cyber crime, to which the insurance market has to respond, added Richter.

Plus, the pandemic has hit fast-forward on the sector’s own digital transformation too, making cyber cover more pertinent for insurers as well as their insureds.

Talking to this point, Paul Greensmith, head of global specialty at AIG, said: “This is part of a broader trend globally around the nature and perception of risk.

“If you look at the switch for many clients from tangible to intangible assets, if you look at the nature of systemic risk, whether it’s climate change, pandemic or cyber risk, these all present a pretty big challenge for business, for society and also for the insurance industry. As well as a challenge, a major opportunity.

“Demand for cyber risk management services and cyber insurance is only going to increase.

“The pandemic hugely accelerated the transition of businesses and individuals into the online world and the sophistication and complexity of dealing with all that traffic and activity and all of those transactions is only increasing. As it increases, we are also seeing increased opportunities for criminal elements, state actors, etc to exploit opportunities and windows in cyber security.

“As a result of that, the insurance industry has got to figure out, along with clients, along with [the] technology industry how we respond to this spike in claims.

“One way is for the insurance industry to increase prices to reflect those increased claims costs, but that’s not a very smart, long-term strategy.

“As an industry, we need to figure out how we get the data to more accurately price this risk, how we team up with technology and risk management and technology companies to better manage risk with clients and how we get smarter product design and clearer coverage.”

This cross-sector collaboration in developing cyber insurance models is imperative, as “trying to price this risk is like hitting a moving target”, added Greensmith, because it is “changing all the time”.

London-centric

The joint report also emphasises that the London insurance market has an absolutely crucial role to play in the future of cyber insurance, with Richter adding that the market has a “competitive advantage” in this sector due to its global network.

He continued that London has the opportunity to lead the charge when it comes to cyber insurance; the majority of the event panelists confirmed that they picture London as a “cyber insurance hub”.

Catherine McGuinness, policy chair at the City of London Corporation, added that the reason why London could easily reap success in the cyber insurance market is due to its “rich ecosystem”.

She explained: “I think what we have here is a fantastic ecosystem.

“We have that mix of our world premier insurance centre, we’re a key cyber security centre, we have expertise in the supporting professional services that we need and we also have the major financial centre that we host here, which will inevitably need to be both a major user of these products, but also a major developer of the resilience that we need to see.

“We are the only city in the world with the right mix. We have a competitive advantage that we really ought to be building on because of that rich ecosystem and because where there is need, there is also opportunity.”

Dominic Christian, global chairman of reinsurance solutions at Aon UK, agreed, stating that insurance’s oldest market – in London – was in fact leading when it came to the sector’s youngest product.

Potential blockades

There could, however, be “inhibitors” to this process of London becoming a cyber insurance leader, said Greensmith, as many insurers will want to be cautious about their risk exposure in order to protect their balance sheets.

To combat this, insurers need to be kept abreast of the evolving risks they may face in this sector – Greensmith advocated the use of “knowledge” and “transparency”.

For Christian, broker communications with their clients is also important to avoid misunderstandings.

He said: “There was an element, as this is an evolving marketplace, of the coverage and the clarity of coverage evolving – not necessarily so much on the standalone cyber products, but probably more broader cyber coverage that may or may not be provided through things like property or engineering products and there has been a huge effort and huge strides within the market over the last couple of years to move away from this whole concept of ‘silent cyber’ where it wasn’t 100% transparent what would be covered in certain situations to one where cover is either expressly given or expressly excluded.

“And making sure that we’re working very closely with our brokers and clients’ brokers to make sure that those messages and that clarity of cover, clarity of product is absolutely transparent.”

Ransomware is another area causing concern – Christian predicted that capacity for ransomware products will decline, but that next year could see an improvement as better solutions are brainstormed.

Greensmith added that because cyber insurance is still an evolving market, insurers will need to continually respond to risks and losses; this includes restructuring products as and when necessary.

Furthermore, cyber insurance products could become more differentiated based on how firms manage their cyber security, Greensmith continued, with businesses being rewarded for good practices.