The next big opportunity
Non-life insurance brokers in search of an emerging trend to take their brokerages to the next level could do worse than adding cyber liability insurance to their product mix. This is because cyber risk is emerging alongside climate change and pandemic as one of the greatest risks of modern times. A media release by global reinsurer, Munich Re, suggests that better preparation is needed to tackle emerging risk trends. “The coronavirus pandemic will be a lesson to us all,” wrote Torsten Jeworrek, Member of the Board of Management at the reinsurer. “We must take action more rapidly and vigorously to ensure that we are not as unprepared for other emerging risks as we were with COVID-19”. This action could include ensuring that both your commercial and personal lines clients are adequately protected against cyber risk.
The underwriter’s headache
Cyber liability was widely discussed during a 27 October 2020 IIG Insights webinar, hosted by another of the world’s dominant reinsurers, Swiss Re. In a presentation on the ‘evolving exposures and changing landscape of casualty losses’, the reinsurer observed that setting appropriate casualty premiums against the backdrop of evolving risks was thought of as ‘the underwriter’s headache’. René Oefeli, Casualty specialist in Technical Training at Swiss Re, identified four change drivers that were radically altering traditional risk parameters. These include advances in technology and scientific knowledge; changing economic circumstances; social aspects and legal standards. “Each of these aspects increase the potential liability of the policyholder,” said Oefeli.
Cyber risk is just one piece of a complex liability insurance sub-class. It stands alongside other liability covers such as personal liability, property owners liability, products liability, broad-form liability, professional indemnity, and Directors’ and Officers’ cover. “Cyber insurance is a mixed product that not only offers third party liability; but first party liability,” said Oefeli. He added that cyber risks were often abstract and intangible and showed no regard for international borders. Brokers and underwriters were encouraged to complete comprehensive risk assessments whenever placing cyber risks. “Risk assessment is key because you have to understand the cyber risk environment at the time you underwrite the risk,” said Zaid Bhana, a senior underwriter at Swiss Re.
Cyber risk insurance set for steady growth
Non-life insurance brokers who are keen to get involved with cyber insurance can turn to one or more of the top players in the domestic market, including insurer AIG and underwriting managers like Camargue, iToo, or SHA. Each of these companies offers a blend of first and third party liability cover that can be structured to meet your client’s unique cyber risk needs. What is covered? Simon Colman, Managing Executive at SHA recently told us to distinguish between key concepts such as ‘cyber insurance’ and ‘cybercrime’. “In most policies the crime element only refers to the theft of funds rather than the whole ambit of cyber exposure,” he said. “This is due to the fact that a data breach could be as a result of an error on the part of the custodian rather than a cyberattack”.
Covers are available to indemnify SMEs and individuals against a range of first party and third party liabilities. Individual policies are mostly concerned with identity theft and ransomware and some insurers are accommodating this by adding elements of cyber insurance to their personal lines covers. SMEs, as mentioned earlier, should only be placed on cover following a thorough risk assessment. These assessments should consider important risk factors such as industry, internal and external systems, third party systems, etc. Their policies can be issued as standalone cyber liability policies or included under a firm’s broad-form liability section.
The good, bad and ugly of tech innovation
It is impossible to discuss cybercrime and cyber risks without considering the impact of technology. Manie van Schalkwyk, CEO of the Southern African Fraud Prevention Services (SAFPS), is using Cyber Security Awareness Month, observed during October each year, to remind risk professionals of the dangers introduced by the ‘work from home’ trend. Each of your clients has benefitted from increased connectivity; but the same technology has made it possible for cybercriminals to improve their attacks. “Connectivity [potentially] gives cyber-criminals access to sensitive information due to employees working over unsecure networks or networks where the security protocols are not as advanced as those of the organisations that they work for,” he said.
One of the consequences of work from home is that cyber criminals can now attack large corporates via the less secure portals being utilised by employees. The cyberattack risk has consequently increased, since it is more difficult to safeguard the security of data and processes outside a corporate network; At the same time, awareness of digital dependency has increased, so that more investment in IT security is necessary and likely,” writes Munich Re. SAFPS encouraged individuals to be vigilant when accessing their emails due to the spike in malicious emails and so-called phishing attacks that occurred during lockdown. A typical tactic is for cyber criminals to pose as a trusted financial institution such as your bank or the South African Revenue Services (SARS).
Phishing alert: Beware of suspicious emails
South Africa’s retail banks are at the frontline of the war against cybercriminals because they often shoulder the burden for losses so incurred. According to Giuseppe Virgillito, FNB Head of Digital Banking, the remote working requirements of lockdown have meant that most people are communicating digitally; and criminals are using this to their advantage to gain people’s trust and perpetrate a fraud against them. “Fraudsters are constantly looking for new ways to get to your information,” Virgillito explained, “and if customers or businesses let down their guard as a result of physical distancing and the need to transact or operate digitally, that unfortunately presents fraudsters with another opportunity to commit their crimes.” Cyber criminals are also on the hunt for doorways into small and medium firms, where their attention quickly turns to valuable customer data.
Writer’s thoughts:
There is compelling evidence that both your commercial and personal lines clients have a growing need for cyber liability insurance. At first glance the personal lines market is being gobbled up by commodities add-ons to existing insurance policies; but there is plenty of room for sustainably underwritten solutions in the small and medium business environment. Have you considered adding cyber insurance solutions to your existing product line-up? Please comment below, interact with us on Twitter at @fanews_online or email us your thoughts editor@fanews.co.za.
