2 July 2019Actuarial & underwriting

Few insurance carriers offering meaningful cyber coverage, warns Zurich captives chief


“Despite the fact that there are more than 100 insurance carriers that offer cyber coverage, there are only a handful of global insurers offering meaningful capacity for large international corporate customers on a primary basis,” according to Paul Woehrmann, head of captive services at Zurich Insurance Company.

In an article titled Have You Thought About A Captive To Manage Your Cyber Risks? on the Zurich website, Woehrmann said this is creating opportunities for alternative approaches. And the alternative approach he has in mind is captives.

Part of the reason cyber coverage is often inadequate is the prevalence of intangible data, and difficulties defining terms that are highly complex and constantly evolving, said Woehrmann. Companies are also threatened in different ways, with some vulnerable to data breaches and others to business interruption, he added.

Woehrmann said: “There is a wide range of policy wordings currently available in today’s market, and given the myriad of exposures that a company may face, this can lead to potential gaps in cover-age or a patchwork of coverages to address specific risks.”

“Many of the issues in cyber insurance and global programs can be managed by pooling the risks in a captive at a reinsurance level,” said Woehrmann, which he argued provides three major benefits: bespoke coverage can be tailored to fit the precise needs of the insured; captives can provide a structured finance solution, pooling risks from multiple regions to improve data quality and analysis; and claims management can be improved.

Captives an also tap ILS capacity, enabling them to provide additional insurance coverages, added Woehrmann.

“Risk managers want globally aligned, controlled master programs for all their exposures worldwide,” he said.

The World Economic Forum Global Risks Report 2019 highlighted a major increase in the risk of cyber-attacks, with a global study by The Ponemon Institute reporting that the average cost of an attack being $3.86 million in 2018 – up 6.4 percent from the year before.