In conversation with Morningstar DBRS managing director, Marcos Alvarez, managing director, global insurance ratings, BOXX Canada president and global chief underwriting officer, Phil Baker, told those gathered at a recent webinar that underwriters won’t be replaced by artificial intelligence (AI) but those that don’t use AI will get replaced.
“It’s going to be a tool that we’re all going to have to use in some form or another, whether it’s claims response, monitoring networks or just understanding risk and exposure,” he said. “I think it’s going to have a massive impact.”
Cyber exposure awareness
The wide-ranging conversation also touched on regulation of the cyber insurance market, the evolution of cyber exposure awareness among insurers and even the challenges associated with raising and paying a ransom if needed (anti-money laundering rules and the practical matter of purchasing millions in bitcoin in the first place among them).
A massive opportunity
Cyber insurance, against this backdrop, continues to be the fastest growing insurance business in the last decade, they add. “It’ll continue to grow,” Baker says, “and for good reason. Companies are getting more aware of the exposures they face; we’re seeing less resistance to buying a cover than we’ve seen before, as companies become more educated and firms require it for their vendors.” He also says he expects to see coverages purchased increasingly by individuals, as well – a massive opportunity for companies like BOXX, he says.
Facts discussed during the webinar include the fact that social engineering continues to make up about 80 per cent of claims for the company. “However, ransomware is still a real threat. One, while less frequent, generates much higher losses,” Baker says.
Rates have stabilized too, he says. Massive increases, sometimes 30 per cent or 40 per cent on renewals, aren’t happening today, thanks to a focus on risk quality and competition entering the space.
Mitigating exposure
“As an industry, firms, insurers have gotten much better at understanding the risk but also at mitigating that exposure,” he says. “In the last 12 months I’ve seen increasing focus on making sure controls are in place before (carriers) will insure the risk.”
In the past, he says companies may have taken on clients with the expectation that those clients would do certain things to improve their cybersecurity throughout the policy term. Today, he says insurers are more likely to say they won’t underwrite the risk until bare minimum controls are in place. (Among those controls, he says effective multi-factor authentication on all accounts and entry points – not just for key accounts and those of administrators – regular patching and segregated cloud-based backups are all minimum requirements for many insurers today.)
“Cyber insurance needs to be a partnership with the broker and the client. Gone are the days where we collect our premium and hopefully don’t pay a claim,” Baker says. “Those days are over for cyber insurance, certainly. The key for us is engagement. We want to work with our brokers and our clients to ensure they have the best cybersecurity controls in place.”