Due to the current difficulty in assessing cyber risk and underwriting cyber policies, experts claim that captives may serve as a potential alternative for ‘traditional’ cyber insurance policies. Cyber attacks and data breaches are increasing across all industries and as a result, organizations are searching for the best way to hedge these risks. However, cyber risk is one of the most difficult to gauge as there is very little data and huge industry differentials. Additionally, Snyder Tomlinson, Chicago-based SVP of cyber insurance at Aon Professional Risk Solutions’ financial services group, explains that captives become relevant because “Cyber is a gap policy; it’s addressing a lot of different areas of risk that traditional insurance does not currently make available.”
While many companies have already made the decision to purchase cyber insurance, others are more hesitant to pull the trigger but understand the importance of doing so before it’s too late. Peter Mullen, CEO of captive and insurance management at Aon Global Risk Consulting, advises others to “incubate that [cyber] risk in your captive. It’s such a difficult risk to quantify that we don’t know how to underwrite for it, we don’t have a scientific way of pricing the premium.” In the next three to five years, improved methods of pricing and underwriting are expected to surface, helping to harden the industry but nonetheless, various exclusions and triggers in policies make captives seem a pretty safe alternative.