
Cyber Risks and Reinsurance
August 26, 2016
Surveys of risk managers routinely rate cyber risk or cyber liability among the top ten risks facing companies today. And not surprisingly, options for managing and mitigating various cyber risks are currently an ongoing topic of discussion in the press, in Lloyd’s, in the boardroom, or indeed within this very forum. So far, however, most of the focus has been from an insurance perspective. But reinsurance clearly has a significant part to play in confronting this evolving and escalating risk. An Evolving Reinsurance Market Most direct insurers will be familiar with the client that wants cyber insurance, but often with limited knowledge of their specific cyber risks or the solutions that would be best suited to their needs. Do they understand the range of coverages available? Do they need cyber coverage in the first place? Is it first-party exposures, third-party or both which are of primary concern? These same questions are relevant to reinsurers. Expert writers of the class know how to manage their portfolios, avoiding saturation in a particular segment or territory, and making sure there is adequate risk management in place via encryption and internal governance. They are also aware of the importance of response times, crisis management and the potential costs involved. These writers will often purchase reinsurance on a traditional risk or clash basis to mitigate volatility and smooth their underwriting results. More concerning are direct insurers that want to dip a toe into the cyber arena, often through facilities where they don’t control the underwriting; this can be seen as a way to diversify the portfolio and achieve rate on what is perceived to be historically loss free business. We also see increased interest from direct insurers to provide cover for cyber in the retail and healthcare sectors; some high profile breaches in these sectors led to significant rate increases, and also improved risk management and controls. Some direct insurers seek cyber opportunities in the open market while others elect to access this business via MGA’s or consortiums. We are regularly approached by clients in London and internationally who are looking to get into cyber. They are usually looking to cover first-party elements like business interruption, data restoration and cyber extortion, as well as third-party exposures such as security and multimedia liability along with the costs associated with breach response including notification, credit monitoring and privacy liability. Our response is entirely consistent. We want to know if the client has: a dedicated cyber underwriter (rather than a PI underwriter dabbling in the class); their own Policy Wording and Prop Form; an understanding of the notification requirements and laws in the territories they are targeting; and sufficient claims capabilities including credit monitoring and data forensics. We are also working to enable clients’ to white-label our offering by packaging the form, application and rating model together with crisis and claims management. What is Covered? Cyber-attacks are a relatively new phenomenon and the (re)insurance markets are still developing robust solutions for managing and mitigating the various risks. As a result, an issue for reinsurers is cyber-related claims filed under a Commercial GL or other “traditional” policy. A prime target for claiming cover under GL could be the personal and advertising injury section. While cyber claims brought under a Commercial GL treaty have been defended in the U.S., this has not been tested in the UK courts. Also, while an element of cyber exposure has been present in FI language through the Electronic Computer Crime provisions, there are some protections here from “hacktivists” whose objective is to disrupt operations and perhaps make a statement but are not in it for personal gain. And with these coverages, if there is no improper personal gain, there is no insurable loss.- About The Author
- Simon Cook
- Senior Underwriter, Reinsurance - London, AXA XL
More Articles
- By Risk
- By Industry
- By Product
- By Region
Global Asset Protection Services, LLC, and its affiliates (“AXA XL Risk Consulting”) provides risk assessment reports and other loss prevention services, as requested. This document shall not be construed as indicating the existence or availability under any policy of coverage for any particular type of loss or damage. AXA XL Risk. We specifically disclaim any warranty or representation that compliance with any advice or recommendation in any publication will make a facility or operation safe or healthful, or put it in compliance with any standard, code, law, rule or regulation. Save where expressly agreed in writing, AXA XL Risk Consulting and its related and affiliated companies disclaim all liability for loss or damage suffered by any party arising out of or in connection with this publication, including indirect or consequential loss or damage, howsoever arising. Any party who chooses to rely in any way on the contents of this document does so at their own risk.
US- and Canada-Issued Insurance Policies
In the US, the AXA XL insurance companies are: AXA Insurance Company, Catlin Insurance Company, Inc., Greenwich Insurance Company, Indian Harbor Insurance Company, XL Insurance America, Inc., XL Specialty Insurance Company and T.H.E. Insurance Company. In Canada, coverages are underwritten by XL Specialty Insurance Company - Canadian Branch and AXA Insurance Company - Canadian branch. Coverages may also be underwritten by Lloyd’s Syndicate #2003. Coverages underwritten by Lloyd’s Syndicate #2003 are placed on behalf of the member of Syndicate #2003 by Catlin Canada Inc. Lloyd’s ratings are independent of AXA XL.
US domiciled insurance policies can be written by the following AXA XL surplus lines insurers: XL Catlin Insurance Company UK Limited, Syndicates managed by Catlin Underwriting Agencies Limited and Indian Harbor Insurance Company. Enquires from US residents should be directed to a local insurance agent or broker permitted to write business in the relevant state.
AXA XL, as a controller, uses cookies to provide its service, improve user experience, measure audience engagement, and interact with users’ social network accounts. We won't set optional cookies unless you enable them. You can disable them at any time.
For more detailed information on the cookies used for this website, you can read our Cookie Policy.