18 August 2014Asset management analysis

Aon: Big prospects for captive owners to fund cyber risk

Aon Global Risk Consulting, the risk management consulting arm of Aon plc, has launched its 2014 Captive Benchmarking paper highlighting the limited number of captive owners currently writing cyber in their captive.

The 2014 Captive Benchmarking Tool captured data from over 1000 Aon managed captive clients and showed that only one percent of captive owners currently write cyber – a figure that has remained static since 2012.

This is surprising given it follows Aon’s 2014 Underrated Threats Report, where 83 percent of captive directors felt that the ranking of 18 for cyber risk was severely underrated.  Aon have recently published ‘Cyber risk and the captive market – a match made in the cloud?’ which outlines the potential for captives to aid in the quantification of cyber risk and risk management processes of how organisations can be protected from this emerging risk.

Vincent Barrett, managing director, Aon Captive & Insurance Management, says: “With the increasing risk of cyber-attacks we were surprised that such a looming and potential source of liability was only being written into a captive by 1 percent of captive owners.  The reluctance for many organisations appears to derive from the challenge of estimating cyber risk exposure and understanding the consequences of cyber events – a challenge equally reflected in the reluctance or companies to purchase cyber insurance.  Our benchmarking tool enables us to understand the key risks that are being written by captive owners and can help us to counsel and guide on future and emerging risks which may not have been considered.”

Sarah Stephens, EMEA practice leader of cyber at Aon says, “Recent high profile cyber losses show that this is an increasingly pervasive business risk and should be taken seriously by the board.  Captive owners should seriously consider the benefits of involving the captive in the process of gaining clarity around cyber risks.  Many businesses don’t feel confident enough in their cyber risk profile to expose themselves to insurer scrutiny, which is one big reason that a captive can be the perfect place for a company’s cyber risk management to mature.”