Using Captives for Cyber Risk Management

Captive insurance has traditionally been used to underwrite property damage, workers’ compensation, medical malpractice and third-party liability risks, but captive coverage of cyber/network liability is expected to become much more popular over the next five years. With a potential maximum loss of more than $30 billion from cybersecurity risk, according to Business Insurance magazine, captives could be a game changer for the cyber insurance industry. But, Mary Chaput, CFO of Clearwater Compliance, explains that one hurdle is “establishing reserves so the captive can fund future losses. [The] lack of statistical data and analytics to project the frequency and severity of a cyber-attack” could lead to problems underwriting policies. While the future of captives for cyber risk management does look promising to some, others question its future.  As Chaput puts it, “if public insurance companies are finding it hard to underwrite cyber policies, how can a captive owned by your company do it?”