Cyber insurance policies expected to become more similar in next few years: CIFF speaker
A lot more convergence in cyber insurance policies is expected within the next few years as policies, exclusions and wording get tested and case law develops, John Elb suggested Wednesday during a panel discussion at MSA Research Inc.’s Canadian Insurance Financial Forum (CIFF) in downtown Toronto.
“Right now, because of the soft market, everyone wants a piece of the pie, so the exclusions are diminishing,” Elbl, vice president of AIR Worldwide, said in response to a question about whether he sees policies getting to address particular needs or he envisions a growth in exclusions.
As case law develops, “I believe, say, easily five years from now, we’ll see a lot more similar cyber policies than a lot more divergent,” he noted following the panel discussion, Pricing and Reserving Cyber Risk Products.
“It probably won’t be as similar as, say, the homeowners’ market for policies wording, but I think there will be a lot more convergence than what we have today,” Elbl said.
The vast majority of the cyber market today is commercial, he said. “That’s because the commercial writers are looking at the amount they have to lose,” Elbl suggested.
For personal lines, however, “I haven’t talked to anyone yet that is looking to make a substantial personal lines offering that wouldn’t be simply an endorsement to an existing personal lines product.”
Even so, Milliman consulting actuary Elizabeth Bart suggested consideration must be given to how something like the Internet of Things (IoT) could influence personal lines.
Within the home, for example, IoT will allow for a potentially large number of items to be connected, perhaps opening the door to hacking for personal information, Bart said.
“Even though it was your toaster that (allowed the hacker) in, you still need your ID theft protection,” she advised.
For companies, they need to keep on top of security – monitoring and keeping up to date – since botnets can be on a system for a long time, just waiting to pull the trigger and activate a breach, Elbe explained.
“If there’s a lot of botnets on the system, then the likelihood of getting breached increases quite a bit,” he told attendees.
Although today is not necessarily more cyber risky than a few years ago, Elbl said, having rules and requirements in some jurisdictions requiring breaches to be reported has helped shed light on what the true number of such incidents may be.
Moving forward, though, Bart emphasized data is key and its collection could prove critically important for many things, including underwriting and modelling. “Your pricing is so much better if you start collecting that data,” she suggested.
“We’ve got the computer capacity to collect all that information,” Bart said, emphasizing “that’s what’s going to make those models run so much better.”