Insurers vital to increasing cybersecurity hygiene
The insurance industry has a fundamental role to play in increasing the collective cybersecurity hygiene of businesses, said Joshua Motta, cofounder & chief executive of captive owner Coalition, in an address to attendees at the Marsh McLennan Rising Professionals’ Global Forum in London.
Yet despite this critical role, he was quick to acknowledge that the insurance market, particularly in recent years, had not excelled on the cyber underwriting front.
“Businesses are demanding more cyber insurance,” he told delegates, “Yet most of the insurance industry has not been great at underwriting it, particularly more recently. In the fourth quarter of 2020, alarm bells started ringing in actuarial departments that the prices they charged 12 months ago were not sufficient based on the trends they were seeing.”
He added: “The result is a market that has hardened dramatically both in the UK and the US, with massive rate increases of 200% to 300% since January 2020. I’m not aware of any insurance market in history that's hardened as quickly as cyber.”
Equally, the traditional cyber product is becoming increasingly like a health insurance policy. “All of a sudden there are coinsurance provisions,” he noted, “and other supplements and exclusions. It’s like a game of hot potato with carriers collectively throwing risk back to the policyholder at a time when businesses need cyber protection more than ever.”
If the insurance industry is to truly establish an effective, sustainable cyber insurance market, there needs to be a fundamental shift towards active cyber coverage, said Mr. Motta.
Active cyber insurance involves the scanning and analysis of live data for real-time risks using AI and machine learning to spot issues early, alerting policyholders and brokers before damages occur, and in the event of an incident responding quickly to reduce impact and get businesses back on track.
“If we're going to see this future vision of cyber insurance, two things need to happen,” he said. “Firstly, insurance companies will have to natively become technology companies. Insurers today complain that there's not enough data to underwrite cyber risks effectively. My response is, there's never been more data in human history to underwrite cyber risks, you're just using the modern-day equivalent of an abacus to do it.”
The second change, according to Mr. Motta, is that the industry needs to improve the technology of insurance.
“The dictionary definition of insurance is something you purchase to protect you in the present from an uncertain loss in the future,” he said. “So, what if we could reduce the uncertainty of loss or prevent losses from happening? That's a foundational element of active insurance. We want to collect so much data that not only can we make better decisions on who to insure or how to price, but also apply what I call ‘Newton's Third Law of Insurance’ which states that for every underwriting data point, there's an equal and opposite risk engineering opportunity.”
“The underwriting philosophy of active insurance,” he continued, “is not only to collect more data than a competitor, but to collect more data than the customer. In most insurance transactions, it's the buyer that knows more than the seller. If you can flip that information asymmetry, you can do something extremely rare, which is to positively select for risk when you know more about their risk than your customer.”
He concluded: “I believe that going forward insurers will become like large social networks. I don't mean social networks in terms of facilitating social connections, but rather building knowledge – what we call Knowledge Graphs.
“If you collect data at the scale that we at Coalition are, and you combine that with what we all have in the insurance industry, claims data, you can do some really magical things. So, I firmly believe that the future of insurance will be active.”