The insurance industry all agrees that cyber coverage is going to be one of the biggest growth areas in 2022 and beyond. Why? It’s simple really, we are living more of our lives online and with tech advances like 5G and Elon Musk’s Starlink system, digital products and services are going to connect the world in a way that will drive the most profound change since the Industrial Revolution of the 18th century.
But, in an era of every device and person being connected, the risk of having data stolen, your ID used by scammers, or digital services that are denied is huge. Then there are infrastructure risks too, like pipelines being switched off or building monitoring systems going down. That’s partly why Saket Modi from Safe Security believes that cyber insurance will become mandatory one day, it’s the only way that the risk can be shared.
Insurance Edge caught up to learn more.
IE; I can see that compulsory cyber coverage is a good idea in many ways, but so many people will see this as another form of taxation, how can that resistance be overcome?
SM; Everyone needs to step back and look at cyber risk in a more holistic way, because it is a truly global problem. The World Economic Forum identifies cybersecurity as the number one threat right now, as one report last year said cyber-attacks were up by 80 percent and a study by Accenture found that 50 percent of cyber leaders and professionals thought that ransomware was a significant threat to public safety in general. So, this isn’t just a corporate problem, it is something that affects everyone.
For insurers there are really three options when it comes to cyber. One, you mitigate the risk, two, you accept the problem and its costs and three, you transfer the risk onto third party companies. Now, if you mitigate, then you are looking at a sector where claims are growing rapidly. Indeed, Accenture sees growth in Gross Written Premium (GWP of 500 percent between 2021-25, which is great until you look at the equally sudden rises in claims payouts, disputes over business Interruption claims linked to cyber or ransom attacks etc.
So, it’s very hard for insurers to keep pricing future risk because cyber-attacks are constantly shifting and evolving. That makes pricing difficult, especially when you get to smaller companies where their resources are stretched trying to cope with cyber-attacks.
IE; Long term, is the only solution is compulsory insurance? In the same way the motor car became a general risk a century ago, leading to governments gradually making car insurance mandatory, since it wasn’t just a niche mode of transport anymore.
SM; Exactly. The car became a serious risk for everyone – drivers and pedestrians – so something had to be done. Now we take it for granted that every driver has insurance.
This is why I think attempts to put the cyber problem into the government’s domain will fail. You can’t transfer the risk that easily and governments will find that the more they spend on cyber training, new rules, new systems and so on, they will eventually only gain diminishing returns. Instead, the risk should be transferred to as wide of a pool as possible. This isn’t just a Fortune 500 company problem.
IE; What do you see as being emerging risks for the rest of the 2020s?
SM; If you look at the data on cloud-based attacks, you can see that 86 percent of them are for mining capacity. Bitcoin takes up a huge amount of processing power and so many systems are hacked to gain that mining power.
Another trend for insurers and brokers to watch is real-time pricing. Let’s say you build a new cyber product, but then the threat subtly alters while you are still quoting. This means you are then starting the policy based on data that is historic – it isn’t real time and it isn’t tracking the new threat. Instead, insurers can develop systems that scan websites very quickly and in real time.
Really you need an automated assessment as a baseline at any point in the policy lifecycle. So that’s what we have developed, a 360-degree view that is a true inside-out assessment of risk when you are quoting on cyber insurance. If you look at something like Tesla, you can understand why they built their own insurance product. You have a car that updates the software every few weeks, it gathers driver data, journeys, weather etc. each time it’s on the road. So therefore, you need an insurance product that reflects the true risk of that particular trip or journey.
If you use health insurance as a comparison, it’s like quoting using an MRI scan, rather than a phone call or online Q&A form once a year.
IE; Tesla is the first 100 percent data driven insurance isn’t it?
SM; Definitely, you know Elon Musk reportedly told his data engineers that he was going to make them ‘rock star actuaries,’ because the accumulated driver data was going to change insurance forever. You keep learning all the time and that means you start to understand risk in a much deeper way.
IE; Safe Security has been growing fast recently, tell us a bit more.
SM; Yes, we had a successful Series A funding round and Safe Security is proud to have investment from BT and Mitsui Sumitomo, plus we are working with names like Facebook, Tata and Softbank on cyber security. Last year, we grew 400 percent year over year.
BT can now exclusively integrate our SAFE suite of products as part of a business line deal as well, so it makes cyber risk awareness the default option. As the global economy continues to grow online, we will need to have more proactive responses to cyber threats, which is another reason why cyber coverage will eventually be mandatory.
IE; Saket thank you for your time.