Advisen

'Coming storm' emphasizes need for greater insurance-technology alliance on cyber risk

By Chad Hemenway, Advisen

Ben Beeson is no longer brokering cyber insurance. In a new role, he’s tasked with building a bridge between technology and insurance.

Beeson, former cyber risk practice leader with Lockton, joined start-up Arceo Analytics in the summer. The information technology and service provider remains in stealth mode but Beeson spoke with Advisen about his move.

“We’re on the cusp of a major shift in the way insurers and their customers evaluate cyber risk,” Beeson told Advisen “Fundamentally, that’s to do with the increasing ability to capture data points that were not previously available – in real time.”

Yet the synching of the security and insurance worlds is not quite there. The sides have demonstrated a measure of success on the response side of a cyber incident but not as much when it comes to pre-breach.

Some technology companies can be accused of treating insurers and brokers as resellers of their products. Conversely, some insurance companies have not tried to understand how technology companies may be able to add value and begin to incentivize customers who use the tools and technology available.

Beeson said “both sides have been dancing around each other to better understand how to align.”

“The alignment between security and insurance is coming right now, but it takes people to help bridge the industries. I am very interested in trying to support that.”

What’s been standing in the way of this alignment? Beeson said the technology has previously been available to understand external data points, but only now is evolving to close the loop on understanding what’s actually happening internal to a company. Today technology can capture much more data in real time on clients, to make a much more accurate assessment of the risk.

Also, market dynamics has been a factor. The cyber insurance market is competitive and profitable as it is.

“There has been paranoia about adding value services for clients before things go wrong, as part of the insurance transaction, because that might become a barrier to sale,” Beeson said. “There is a real nervousness by some insurers that some brokers will just take the deal elsewhere. And from the technology side, a product like a risk assessment is nice to have but it doesn’t really have any relationship with the insurance transaction.”

However, Beeson said there is “a coming storm, and the storm is going to expose the shortcomings in this approach.”

A systemic cyber-related loss can happen any time, Beeson explained. Couple that with increasing regulatory pressure as insurers are being asked to show how they are evaluating cyber risk beyond the basis of market-driven price.

“The current approach won’t be sufficient to regulators when there is technology available to help carriers and their clients better evaluate risk,” Beeson said.

The current state of misalignment of technology and insurance could be a reason why the cyber insurance market is not growing as quickly as it should grow—certainly not at the pace to reach some publicized estimates—considering the size of the risk and the number of companies potentially impacted, Beeson said.

But through a real partnership, insurers will be able to understand the risk externally and internally, and have the ability to offer more to the consumer.

“Buyers will see a real value in insurance, which then drives the growth of the market and also drives product development because right now they are limited, particularly around first-party loss, property damage and business interruption,” Beeson said. “Insurance will evolve to be more relevant and broader in scope, benefiting the client as well as the growth and sustainability of the insurance market.”