October 20, 2017

The Council recently attended the second annual InsureTech Connect Conference (ITC) in Las Vegas, where cyber had a strong presence throughout. Attendance was capped off at 3,700 with attendees ranging from InsurTech startups, investors, industry analysts, insurers, brokers and regulators. Jay Weintraub, CEO of ITC, believes attendance next year could be as high as 6,000.

We had the opportunity to hear from a number of InsurTech startups focusing on cyber risk analytics and predictive risk modeling, all designed to aid the broker and carrier in accurately underwriting, pricing and placing cyber coverage. The industry appears to be making strides in this space as many organizations are using real-time and open source data to assess cyber risk.

The business program also featured a cyber-focused panel, which took a deep dive into the difficulties of calculating cyber risk, a lack of standardization and terminology for cyber coverage, cyber risk aggregation and the state of the cyber insurance market.

George Ng, CTO of cyber risk modeling company, Cyence, explained that calculating cyber risk is difficult for a number of reasons, specifically a lack of historical data and a constantly evolving, volatile risk landscape. A risk arising from no single common source, with no geometric boundaries and limitless motives (both innocent and malicious) proves for an impossible risk to predict with certainty. In addition, inefficient employee education for cyber preparedness and inadequate resources for front-end cyber protection are only instigators for cybercrime.

From a coverage standpoint, Adam Hamm, managing director at Protiviti, explained that while it’s important to understand your coverage limits and know how much your organization is willing to pay for a cyber-policy, the most important question is to ask what your cyber policy doesn’t cover. This question will assess the financial burden your organization is responsible for if a breach were to occur.

When asked about the state of the market, panelists agreed that 25-30 percent of companies are currently covered for cyber-risk, and the market could grow 4x over the next four years. While capacity continues to be plentiful in the market, large organizations are asking for higher limits – one panelist explained he has had clients ask for limits as high as $2 billion while the highest limit in the market currently is a $500 million tower, which falls in line with The Council’s Cyber Market Watch Survey.

However,  Ng explained it’s hard to say whether premiums will go up or down based on industry verticals. In 2015, we saw retail rates skyrocket due to the Target breach. The year 2016 was the year for healthcare and ransomware, and 2017 followed with the largest breach in history – Equifax. The uncertainty of cybercrime and data breaches makes predicting cyber risk a seemingly impossible task.

All in all, the information and relationship opportunities at InsurTech Connect is limitless, and cyber will surely play an increasing role in the InsurTech space. For more information about InsurTech Connect, please contact Rob Boyce at Robert.Boyce@caib.com or Jenn Urso at Jennifer.urso@ciab.com.