More large companies could explore the possibility of using captives to manage their cyber risk either on a standalone basis or by participating in an industry-type mutual.
This is according to Peter Mullen, the chief executive of Aon's global captive and insurance management, speaking at the Bermuda Captive Conference this week.
Aon recently conducted a survey of large companies’ attitudes towards cyber risk and how they manage it. It found that their biggest concern around cyber risk is business interruption, both during and after a breach, while bodily injury and property damage were rated as their lowest concerns.
But Mullen pointed out that losses are starting to move from the intangible world of data into the physical world, resulting in direct damage resulting from cyber attacks. He notes that while cyber policies do not tend to cover physical losses, property policies can sometimes also exclude this type of loss.
The study found that only 59 percent of companies have used a formal risk assessment process to help inform their insurance strategy around cyber, a process that would help most companies get a better handle on the risk.
It also found that 68 percent of companies that buy cyber insurance do so for balance sheet protection and to ensure due diligence comfort for their board of directors. Yet of those that buy, 75 percent have concerns over the loss adjustment process and 99 percent suggest policy terms and conditions need to be clearer.
In terms of buying coverage in the first place, more than 50 percent do not buy any but this varies greatly by industry with companies classed as data holders the most likely to buy (70 percent) compared with just 17 percent of product risk companies (e.g. agriculture, chemicals, food and beverage) which buy coverage.
But one of the conclusions of the survey is that, given the uncertainty over the nature of this risk and what can be covered in the commercial market, more companies could turn to captives to get a better handle on it. The survey revealed that 94 percent of companies would consider sharing their risk with others in their industry as part of a captive facility writing cyber.
“A captive is a risk financing tool and cyber risk is on every agenda now. It would be natural that more companies look at this as a potential solution either on a standalone basis or as group captive,” said Mullen.
“It is also very possible that Bermuda could benefit from this growing industry. Cyber accounts for around $2 billion of premiums globally now but this is expected to grow to $10 billion by 2020. Bermuda has both the right expertise on the captive side and a deep pool of expertise on the re/insurance side in the same place.
“As the world starts to build out new cyber products, Bermuda will be the perfect environment for that to happen and could benefit.”
Bermuda Captive Conference, Aon, Peter Mullen, Cyber, Insurance, Captive, Risk management, Bermuda