13 April 2022ILS

Captives still learning when it comes to cyber, says Aon

Captives remain underutilized in addressing cyber risks, despite more than a six-fold increase in retained cyber premium, according to Aon.

The broker’s new E&O and Cyber Market Review notes that there has been a 650% increase in cyber premium retained in captives since 2018. “However, the extent of captive utilization to address the needs of organizations facing these conditions remains disproportionately lower than the extent of these challenges,” the report authors argue.

Just 10% of the broker’s global captive management portfolio currently write the risk, it finds. Of those that do, 55% are in the US, while finance and healthcare are the leading sectors using captives to cover cyber. Little more than a fifth (22%), meanwhile, use deterministic/stochastic modelling to support their cyber risk financing strategy. The majority rely on either market benchmarking (38%) or broker guidance (27%).

“Our survey results suggest that risk financing maturity is on an upward trajectory, albeit still at relatively early stages,” the report reads. The most common rationale for using a captive is premium reductions (35%), followed by access to insurance and reinsurance.

The use of captives in a “transactional” manner in reaction to the market conditions underlines the lack of maturity, the authors add.

Despite this, the report finds that captives do play a “meaningful role” in cyber risk conversion, and captive use is expected to gain traction. However, the authors note: “For a captive strategy to have optimal impact, it should be anchored in supporting the alignment of the risk and network security communities. This can help drive maturity around insurance purchasing behaviours, while emphasizing risk governance and claims control.

“Analysis of the data from our captive utilization for cyber survey suggests that organizations, to date, have not embraced the role that a coordinated retention financing approach for cyber can play for an organization.”

It concludes that while cyber is no longer emerging, it can still be considered in the “incubation” phase for captives.

“It is no surprise that cyber resilience, privacy compliance, third party risk and contractual risk will remain front and centre for both underwriters and businesses around the world in 2022,” said Christian Hoffman, global cyber leader at Aon.

“As we work to prepare our clients for increased volatility and intensified cyber risks, we encourage decision makers to develop and maintain a long-term vision. E&O and cyber exposures will continue to be a top risk for companies. It’s important that business leaders align their cyber insurance program strategy with their continued cyber maturity efforts so they can make better decisions today and in the future.”