Kyle D. Bryant
Regional Manager, Cyber Risks, Continental Europe
1. Which new cyber-risks have emerged in the latest years and how has the insurance industry adapted to them?
Cyber insurance is continually evolving. If you think just about the last few years, the two largest adjustments for me have been, the addition of value-added services to insurance policies, for example distinct services to help clients manage the international regulatory challenges, and improvements in the ability to respond to the growing frequency of DDoS and cyber extortion attacks. Looking forward, I do expect changes in coverage driving the next stage of evolution, particularly in relation to the internet of things – bodily injury, property damage, product liability, and product recall. These covers, previously reserved for the general casualty market, are becoming increasingly exposed to cyber risks.
2. To what extent have insurers started adopting a strategic framework to cybersecurity when it comes to underwriting? What are the main challenges they are facing in this department?
With regards to underwriting, finding consistency can be a challenge. Market practice and risk maturity play determining roles in what information we are able to collect. But this doesn’t mean we cannot use our experience to help clients through the process, regardless of the location or size of the risk. While cyber risk seems new, the market is almost 20 years old. There is already much experience on the books and in the heads of specialist underwriters. We use this data to create frameworks for our own underwriting, but have also found we can add real value for clients by delivering this information back to them, to ensure they become better protected, and better prepared, policy year after policy year.
3. How informed is the customer-side and what kind of insurance products in the highest demanded?
It varies. If you look at Europe, first party exposures, namely business interruption and data loss, have been the market drivers since the early 2000s. As more companies came online and became more susceptible to downtime risk in their business, insurance became a comfortable risk management tool for them. However, due to the growing regulatory environment and scrutiny around personal data protections, clients are increasingly selecting to focus on third-party exposures when they purchase the insurance. Also of increasing importance, the services that accompany the policy is where clients find the real value. Many cyber insurance policies are now supported by sophisticated crisis management response services. Now, when we look at the next incident as not ‘if’ but ‘when’ proposition, clients of all shapes and sizes see the need to have access to this type of service.