12 September 2021ArticleAnalysis

Can captives end the D&O and cyber drought?

“If the captive cannot bear all the risk, it might be possible to integrate the cyber into an existing multiline stop-loss reinsurance solution.”

Dirk Schilling, HDI Global

The lives of risk managers and insurance buyers have not been easy recently and some new challenges are already on the horizon. Some buyers may have likened their need for capacity to a search for water in the desert. In this article, we investigate the question how captives can be of real help in mitigating the capacity shortage for the cyber and directors & officers (D&O) lines or whether they are merely a Fata Morgana, a mirage on the horizon.First of all, having a captive was a good choice for many companies and risk managers as hardening markets have put increased pressure on rates as well as on capacity. Many corporate captive owners faced the challenge of expanding risk-taking within their captive, utilising it to fill gaps in the programmes and to keep at least some of the expected profits within the company.Companies without a captive started thinking about forming one. Running feasibility studies, comparing domiciles and lobbying for capital was common among the risk managers community over the last couple of years.While in the more traditional lines (with the exception of very special risks) sourcing capacity always remained possible, cyber and D&O markets became extremely tight. Some companies found it very difficult to find enough capacity to fill the towers they were used to.


It is not a secret that the cyber insurance market has been difficult in every sense. Overly optimistic underwriting and high growth expectations in the infant stage of the line, together with increasing losses, have led to an unsustainable situation. Insurers had to react, and reacted: from restrictive underwriting, increasing deductibles, decreasing limits, constrained capacities to high rate increases, it seems that cyber insurance takes it all.From some angles of the market, you may even hear that cyber is not insurable due to the risk of accumulation.The fear of the cumulative risks of having a ransomware event gone mad, harming computers and networks in an unprecedented manner is still something which re/insurers fear. Other scenarios include political hacking arising out of increasing global conflicts with no real precedent on how a war exclusion ultimately will be constructed or, despite all the built-in redundancy, the concentration of data in the clouds.But here is exactly where a captive can come into play. From our perspective, cyber insurance is the perfect fit for a captive even though it is not the classical high frequency and low severity business. Lowering the local deductibles to a level which is acceptable for the local entities and filling the ransomware sublimit can be of great benefit for the company and can help to obtain coverage in the market at a bearable price.Furthermore, the risk of accumulation is clearly not given in a captive and the diversification with other line of business is beneficial. If the captive cannot bear all the risk, it might be possible to integrate the cyber into an existing multiline stop-loss reinsurance solution leading to some significant pricing arbitrage.For the company, the main benefit is to keep the risk insurable and being able to price and manage it well, putting pressure on the local cyber risk experts. Companies can also benefit from the non-accumulation parts of cyber risk, eg, transferring idiosyncratic risks of being hacked to the insurance market. The insurance markets are on the winning side as well, as it is possible to craft comprehensive insurance solutions for large corporates, despite the accumulation risk.While in theory the solution to put at least some of the cyber risks into a captive looks very promising, until now insurers have not been keen on putting up proposals for fronting. It seems they fear lowering the underwriting bar or some reputational damage in the market, by applying less strict rules for captive fronting and providing high capacities in the first instance although retroceded afterwards.However, we see a change of perspective here and expect the number of fronted cyber solutions to grow in the next renewals.


The market situation for D&O is very similar to that of cyber. There might be first signs of a relaxation, but companies are still confronted with prudent underwriting. However, when it comes to the involvement of a captive the situation is very different here. There are two main reasons:Using a captive in a D&O programme increases the likelihood for conflict-of-interest situations between the directors and the company, and
There is a significant correlation between the default of the captive’s parent company and a claim arising out of the D&O insurance.
Let’s examine the two problems. The first one arises out of the special nature of D&O insurance. The very same person, acting in the C-suite of the company, agreeing on the T&Cs of the D&O coverage and its limits might find him or herself moments later as an adversary of the company, sued for damages by the shareholders and defended by the very same D&O insurer, who at the end might cover for some of the damages.While the company is not allowed by law, or out of business considerations doesn’t want to reimburse the officer, the D&O insurance responds in this case. However, if through a captive the company is participating in the D&O programme, a conflict may arise and the company runs the risk of indirectly reimbursing the directors.So independence is of utmost importance here. If a captive comes into play as reinsurer, the situation may become very onerous very quickly. If the captive can influence the claims-handling process, it might influence the defence as well as the payment. This situation should be avoided by decision-makers beforehand.It can do this by letting only the captive participate instead, having strong lead insurer clauses and by avoiding any form of claims corporation clause in case of reinsurance captives. Going in only on high layers or avoiding side A coverage entirely are good ploys to avoid the awkward or even unlawful conflict of interest situation in case of a claim.The second problem is the high correlation between the financial strength of the parent and the captive. When do D&O claims arise most often? When the company is in turmoil. They are usually the direct or indirect result of a crisis, and thus the likelihood of financial turmoil increases.Fronting insurers bear the default risk of a reinsurance captive. They also have to pay the claim in cases where the reinsurer went bankrupt. So a D&O claim can easily give rise to the perfect storm: captive and parent become insolvent, shareholders seeking money from the former board and making claims towards the D&O.The only way insurers can work around this risk is to require hard collateral such as letters of credit in an amount close to the overall fronted limit, which makes the solution rather economically unfavourable.To sum up, it is tempting to write D&O into a captive, but the special nature of the coverage demands high diligence from all involved parties and a careful weighing of benefits and potential risks.

“Complex market environments are good for captives as they increase the freedom of owners.”

Jelto Borgmann, HDI Global


Complex market environments are good for captives as they increase the freedom of owners and allow for alternative risk transfer structures with re/insurers. They can be real water in a drought market.We have shown two fields where we think captive usage will become more important in the future: cyber is the most natural one, where captives can help to spread the risk more economically and help to secure a cyber market which helps large corporations; and D&O, where captive capacity can at least help to fill some holes in the programme.The next step is to intensify the discussion between captives, captive service providers and fronting insurers to craft concrete solutions for these promising fields.