Advisen FPN

Advisen Cyber FPN - Friday, July 28, 2017

   
Q&A with Phil Rosace, Cyence: 'Helping the world's businesses deal with an existential risk'

Advisen

Q&A with Phil Rosace, Cyence: 'Helping the world's businesses deal with an existential risk'

By Erin Ayers, Advisen

A new report developed by cybersecurity firm Cyence and Lloyd’s of London found that an extreme cyber event could potentially cost as much as Superstorm Sandy. Advisen recently reached out via email to Phil Rosace, senior solutions manager of Cyence, to further discuss the report, entitled “Counting the cost: Cyber exposure decoded.”

Advisen: The report highlights the gap between insured losses in the described scenarios and the potential economic losses. Is it possible also to say whether the insurance industry has overextended itself in terms of capital available in the market and the potential payouts required by an extreme loss?

Rosace: The report notes that on average, the world’s costliest natural catastrophes from 1980 to 2016 were only 30 percent insured. In the scenarios modeled in the report, insured amounts are estimated to be somewhere between seven percent and 17 percent, so the industry currently has considerably less insured exposure when compared to past natural catastrophe losses.

The cyber insurance market is still in the early stages and has a lot of potential to grow as cyber risk increases and insureds are realizing that cybersecurity technology only goes so far and they need to balance risk prevention/mitigation with risk transfer/management. For the insurance industry, cyber can be a profitable growth opportunity while helping the world’s businesses deal with an existential risk of the 21st century.

Advisen: With capital in mind, what would the best course of action be for insurers to manage their cyber risk aggregation?

Rosace: Cyber has to develop the same rigor as other lines of insurance across risk accumulation, portfolio analysis, scenario modeling and capital reserving. The challenge is the lack of data and that is where Cyence is able to bring real data to understand and model accumulation.  With Cyence, our customers can identify aggregate exposures based on real data and translate them into dollars and probabilities powered by advanced stochastic models. Insurers can quantify their aggregate exposures and stress their portfolios to manage their cyber accumulation risk’s impact on capitalization. It is important that these exposures be up-leveled to the board and spoken about in financial terms in order to achieve this level of maturity in the discussion.

Advisen: Has a generally soft insurance market led to terms/conditions/prices that may not accurately reflect the risks taken on?

Rosace: Like any other insurance line, we see areas where the risk is underpriced and areas where the risk is overpriced. Cyence brings a purpose built for insurance cyber risk selection approach that can help insurers select and price risk more effectively. There are lots of bad risks in good sectors and good risks in bad sectors and Cyence is focused on helping insurers find the right risks at the right price that fits their risk appetite.

But the bigger question is whether the insurer is pricing in an accumulation load? As the report highlighted there is an accumulation risk that has to be considered and unlike traditional lines, the accumulation is not by industry or location or revenue band. Cyence customers are able to understand and model their accumulation based on real data and then appropriately price and reserve for it. This also helps them justify it to a board of directors, regulators, reinsurers, rating agencies, shareholders, etc.

Advisen: Do you expect greater regulatory scrutiny on capitalization and reserving in cyber risk in the future?

Rosace: As the cyber market is growing with broader insurance coverages and larger portfolios, we are seeing increased focus by regulators and market custodians like regulators and rating agencies. A.M. Best has recently commented on the report and stated that they expect companies underwriting cyber insurance to provide detailed and credible assessments of their accumulation loss potential as the materiality of their cyber exposures grow relative to capital amounts. Lloyd’s requires reporting of accumulation exposures on their syndicate’s cyber exposures, and there are various other regulatory initiatives in the industry that encourage better cyber security risk management from a variety of perspectives.

A big goal of the report was to help create the common language that can be used to model cyber risk and empower all the various insurance participants (brokers, insurers, reinsurers, rating agencies, regulators) to have a shared understanding of the risk, so the risk can be traded and a robust reinsurance market is created that enables larger limits and broader coverages.

Advisen: Where do you see data analytics’ role in the growth of the cyber market?

Rosace: Cyber is a big growth opportunity for the insurance industry, and data and analytics can help with both increasing capacity and increasing coverage:

  • Better economic modeling of cyber exposures will enable more capacity for large exposures. Better analytics will enable reinsurers and alternative capital to provide capacity more confidently and help the market trade cyber risk in more sophisticated ways as we see in natural catastrophe and other lines.
  • Broader coverages that extend past privacy issues and more directly and substantially address items like property, casualty, supply chain etc., will increase premium amounts due to broader coverage and likely induce new buyers of dedicated cyber cover who were previously hesitant due to limitations in the coverage available in the market. Sophisticated analytics and economic exposure modeling will help insurers innovate in a data driven manner that helps them build sustainable products that meet their customers’ needs.

Editor Erin Ayers can be reached at eayers@advisen.com.

Advisen