Four ways aggregated cyber data can help the London MarketBy Ben Churney | September 23, 2020
The lack of relevant and credible cyber insurance data remains a huge challenge for the Lloyd’s and wider London Market, making it difficult for companies to make informed decisions around cyber risk.
Cyber insurance claims have doubled since 2017 to approximately 18,000 in 20191, according to AM Best, although the ratings agency suggests the results may be understated due to a lack of standardisation in cyber policies and reporting, along with the use of captive and surplus lines insurers to write cyber coverage.
Lloyd’s of London–a market with around 77 insurers providing cyber risk insurance solutions2 –accounts for approximately a quarter of the global cyber risk market share, with most of this business coming from the US3. At the start of this year, Lloyd’s set out a new requirement for all policies to be clear on whether coverage is provided for losses caused by a cyber event4.
While cyber insurance in the London market is growing fast, different strategies by market participants towards cyber insurance is leading to inconsistencies both in modelling and products offered to clients.
The Verisk Cyber Data Exchange aims to address this by aggregating cyber insurance data from across the industry and providing summarised metrics delivered via interactive dashboards back to participating companies.
To date, the Cyber Data Exchange contains significant assets including:
- 1 million transactions
- Over 100,000 policies
- Over $300 million in premium
- Over 1,000 claims
Here are four ways aggregated cyber data can help London market companies manage their cyber insurance portfolios.
1. Develop products with more credibility
While other insurance perils have the benefit of years of historical claims data, cyber risk is still in its infancy, and there’s a lack of data around losses to support the growing number of different coverages.
While there are many different vendors that offer cyber risk modelling, when you compare the outputs of vendors side-by-side the results are wildly different. At the 2019 NYC Advisen Cyber Risk Conference, a comparison of different cyber aggregation models found huge discrepancies in the probable maximum loss for different cyber risk scenarios such as mass data breaches, cloud outages, and mass ransomware5.
Verisk aims to develop credible and relevant data through its Cyber Data Exchange, whereby companies participating will submit historical data for the past six years and subsequently on an ongoing basis.
Once the Cyber Data Exchange attracts a critical mass of companies and gross written premium, summarised industry business intelligence will be available for all members – including Lloyd’s syndicates. To date, six companies have joined the exchange, with a further five in the pipeline and over a dozen more that have expressed interest in participating. Verisk plans to release industrywide stats to participants as early as Q1 2021.
2. Encourage greater market penetration
Cyber insurance penetration remains comparatively low against other insurance perils which is in part due to the lack of understanding around cyber risk.
A report from AIR Worldwide and Lloyd’s in 2018 estimated that a failure of a top cloud service provider in the U.S. for three to six days could cost the US economy $15 billion and insurers up to $3 billion, which highlighted a significant protection gap. The report also highlighted that the penetration of cyber insurance is estimated at less than 30 percent in the U.S., and much lower in the UK and other countries6.
Low insurance penetration means less access to data, which can lead to low underwriting confidence. The low confidence in underwriting can lead to restricted coverage options and buyers doubting the value of insurance, creating a vicious cycle.
Having access to industrywide metrics such as frequency, severity and trends across different dimensions can be very beneficial to companies that are analysing their portfolios or developing quantitative models. Actuaries can take advantage of Verisk’s Cyber Data Exchange to develop risk selection or pricing tools, support rate filings, conduct reserving analyses and perform profitability reviews of their book of business.
3. Enrich your data and improve strategic decision making
London market underwriters may have difficulty evaluating the cyber risk on new submissions, especially for classes of business of organisation sizes they may not have previously been exposed to.
The full cost of a cyber-attack can often be difficult to establish, and cyber policy forms and coverages can vary significantly from company to company. Coverage may relate to business interruption, extortion, incident liability, data recovery costs or incident response costs, for example.
Having access to summarised industry cyber data can help you more easily define trends between the different types of incidents and coverages.
The Cyber Data Exchange captures highly valuable claims information including attack vector, actor involved, asset(s) compromised, and what coverages were triggered.
The exchange gives users access to interactive dashboards with industry loss ratio heatmaps for different industry classes and revenue range buckets (i.e. >$10 million, $10m-$50m, $250m-$1bn etc). You can see which segments of business have higher and lower loss ratios and the underlying premium amounts, which can help users identify more profitable business.
4. Benchmark your results while retaining anonymity
A cyber-attack is usually a sensitive issue for all parties involved, however the lack of transparency around cyber risk and its associated data can hinder insurers’ abilities to confidently grow in this space.
The Cyber Data Exchange has been built to aggregate and anonymise data around the industry to encourage root cause analysis of their portfolios to help identify what may be driving their results and why they may diverge from the broader industry.
Companies that participate in the Cyber Data Exchange can compare metrics for their own portfolios to aggregated industrywide metrics based on data from all other participating companies in order to better understand how they compare.
You can view your company’s claim sizes by classes of business (i.e. education, finance, manufacturing, healthcare) against the average industry claims by class. You can also view the average written premium per policy and see how this has developed over time.
The metrics available to participating companies include:
- Incurred loss ratio
- Claims frequency
- Loss severity
- Average loss cost
- Average written premium
These metrics are available across different dimensions, including policy/calendar year, type of coverage, NAICS (North American Industry Classifications Systems), different revenue ranges and policy limit ranges.
Anonymity is guaranteed as Verisk de-identifies all submitted company data to ensure the source of the data is not revealed to other participants. Companies contribute data in a manner that’s most convenient for them, and there is no requirement to submit every field. However, in order to maintain equity and encourage complete data reporting, companies will only have access to the summarised data elements that they report themselves.
Participating in the Cyber Data Exchange
The Cyber Data Exchange is available to anyone in the insurance value chain, whether that be reinsurers, brokers, syndicates, MGAs, excess & surplus or admitted insurers.
To find out more please email me at Ben.Churney@verisk.com
- Profitability Less Certain in U.S. Cyber Insurance Market as New Risks Emerge, AM Best, July 21, 2020, < http://news.ambest.com/presscontent.aspx?refnum=29635&altsrc=9 >, accessed 25 August, 2020
- Cyber products at Lloyd’s, Lloyd’s of London,
< https://www.lloyds.com/about-lloyds/what-lloyds-insures/cyber/cyber-products >, accessed 25 August, 2020
- Scrutiny of Management Approach Increases as London Cyber Insurance Market Grows, AM Best, March 2, 2020, < https://www.businesswire.com/news/home/20200301005060/en/Best%E2%80%99s-Special-Report-Scrutiny-Management-Approach-Increases >, accessed 25 August, 2020
- Y5277 – Update – Providing clarity for Lloyd’s customers on coverage for cyber exposures, Lloyd’s of London, < https://www.lloyds.com/~/media/files/the-market/communications/market-bulletins/2020/1/y5277-update--providing-clarity-for-lloyds-customers-on-coverage-for-cyber-exposures.pdf >, accessed 25 August, 2020
- 2019 NYC Advisen Cyber Risk Conference - Comparing and Contrasting Cyber Aggregation Models
- ‘Cloud Down: Impacts on the US economy’, Lloyd’s and AIR Worldwide, < https://www.lloyds.com/news-and-risk-insight/risk-reports/library/technology/cloud-down > , accessed 25 August, 2020