and the Pivotal Role of Insurtech in Addressing Emerging Challenges
TLDR: Digitalization has intensified cyberattacks. Cyber insurance offers a solution amidst rising risks, but insurers grapple with data scarcity, rapidly evolving threats, and the accumulation of exposure risks. Insurtechs, with their tech advantages, can help address these challenges by enhancing data collection, real-time risk assessments, and managing exposure.
The Imperative of Cyber Insurance
Our society’s growing digitalization has inevitably led to a growing occurrence of cyberattacks. Additionally, key technology trends such as AI, Web3, and the growing usage of IoT technology are very likely to increase both the number and the severity of these attacks as a result of the expansion of attack surfaces and the sophistication of the attacks.
Moreover, organizations worldwide face greater exposure than ever due to geopolitical conflicts such as Russia’s invasion of Ukraine, which has already made an unprecedented impact on cybersecurity and has made a catastrophic cyber event more likely than ever.
Checkpoint reported that in 2022 global cyberattacks increased by 38% compared to 2021. The FBI also reported that more than 800,000 cybercrime-related complaints were filed in 2022. The total losses were over $10 billion, 45% more than 2021’s total of $6.9 billion.
Managing cyber risk is indispensable, and cyber insurance plays a key part in this.
Why Are Insurers Excited About Cyber Insurance?
Organic growth is hard to achieve in property and casualty insurance due to the maturity of the market. Competition and the commoditization of insurance products are keeping the prices down, which undermines profitability and lowers the volume of premiums. Long-term trends like the decline in car use and, in turn, ownership, may even result in a big downsize of P&C’s biggest line of business: auto insurance.
In the midst of these conditions, cyber insurance surges as an excellent opportunity to achieve significant long-term growth. And the industry has, in fact, experienced double-digit growth in the past years.
According to Swiss Re, global cyber insurance premiums have almost doubled in two years from $5.5 billion in 2020 to $10 billion in 2022. Munich Re has slightly higher estimates of $5.8 billion in 2019. and $11.9 billion in 2022. Both companies expect the market to grow to $22.5 billion in 2025.
However, while the potential for growth is evident, insurers face unique challenges in this nascent market.
Challenges ahead for insurers
Lack of Data
Without historical data, it becomes challenging for insurers to build predictive models that help them assess the probability of loss. Data is in short supply for mainly three reasons:
a) Insurers have not been selling cyber insurance long enough or on a big enough scale to generate their own critical mass of data.
b) There is no comprehensive, centralized source of information about cyber events for insurers to tap into.
c) A large percentage of cyber losses aren’t acknowledged by outsiders.
The scarcity of data may be producing a cycle that can be hindering the growth of cyber insurance. Insufficient data undermines the insurers’ confidence in underwriting and pricing, this prompts them to price their policies higher and restrict the coverages. Buyers will often question the value of the restrictive coverages offered which can inhibit sales, resulting in low market penetration that, in turn, will undermine the amount of data insurers can collect to better price exposures. This discourages insurers from writing more affordable and expansive coverage, which, consequently, depresses sales, perpetuating the cycle.
Cyberattacks continually evolve
Cyber insurance is inherently volatile since it is constantly evolving. Even with good historical data, the existing cyber exposures keep mutating and new ones will continue to arise, especially with new technology advancements.
Insurers will probably avoid creating a definitive predictive model, which involves using historical data to predict future claims or losses since it could be quickly rendered obsolete. Instead, they will likely be focusing on producing risk-informed models where underwriting and pricing assessment are based upon specific risk-management steps buyers can take to be safe, alert, and resilient in their cyber-related activities.
Potential Catastrophic accumulation of cyber exposure
Speaking at Munich Re’s briefing at the Rendez-Vous in Monte Carlo, Stefan Golling, a member of the group’s board of management, underlined that “If we as an industry overall don’t understand the accumulation, or potentially overexpose our overall balance sheets, the cyber market is dead before it actually has achieved a meaningful size” ..
Imagine if a website host is hit with a DoS attack and becomes unable to serve its clients. Suppose that all those who have their website on this platform become unable to do online business while the third-party service is offline. Will the website host’s cyber policy provide coverage for losses suffered by their clients? If not, these companies will likely need their own insurance protection. But what if all these companies buy insurance from the same insurer? There is a real aggregation risk in cyber insurance.
Most likely, insurers don’t know enough about how much exposure they’ve actually taken on, nor if all of their cyber insureds aren’t all in one basket: a cloud, website host, e-mail server, SaaS, etc.
Many carriers are also offering to add cyber risk endorsements to standard P&L policies for SMBs, sometimes for no increase in premiums, to attract new insureds in a competitive market. Are insurers accumulating a substantial, yet underfunded exposure on their books? Are they prepared if a systemic event impacts a wide range of insured small businesses all at once?
Amid these complexities, the technological edge of Insurtech companies offers innovative solutions to these challenges.
Where can Insurtechs add value?
Insurtech’s flexibility and speed of development of technological products make them well-positioned to play an important role in bringing efficiency to the insurance industry, as well as solving relevant pain points. Here are some of the ways they can address each of the challenges identified above.
Tackling the lack of data
Insurtech can develop innovative solutions for collecting, storing, and analyzing a wide range of data related to cyber risks. The creation of platforms that allow for the safe and anonymous sharing of cyber incident data may also be an interesting solution to this problem.
Startups could also leverage alternative data sources, like social media chatter, dark web monitoring, or IoT device behavior patterns, to provide insights on potential threats and vulnerabilities.
Cyence, prior to its acquisition by Guidewire Software, played a pivotal role in cyber risk data analytics. The startup developed a platform that quantified the financial implications of cyber threats by using diverse data sources. This platform helped insurers transform complex datasets into actionable insights, thereby enhancing their understanding of the cyber risk landscape.
Addressing the Evolution of Cyberattacks
Real-time risk assessment tools that continuously scan and monitor clients’ digital assets are key to solving the ever-changing landscape of cyber threats. These dynamic tools provide real-time feedback on vulnerabilities and threats, which can help insurers understand the evolving threat landscape.
Moreover, Insurtechs can offer value-added services such as cybersecurity training, vulnerability assessments, and incident response planning, to help insured entities reduce their risk of cyber incidents. This, in turn, can help insurers manage their overall risk and potentially reduce claims.
As an example of addressing evolving cyber threats, Zeguro continuously evaluates cyber risks, promptly updating businesses about vulnerabilities. They tailor insurance solutions based on these assessments and further bolster businesses with services like cybersecurity training. Zeguro’s integrated approach illustrates how insurtechs can assist businesses in comprehending and adapting to the dynamic cyber environment.
Managing the Accumulation of Cyber Exposure
Tools that assess an insurer’s portfolio and identify areas of high concentration or aggregation risks can guide underwriters to diversify their portfolio. These solutions can map and monitor the interconnectedness of insured entities and stress-test portfolios against systemic events.
Additionally, blockchain and other decentralized technologies can be used to develop peer-to-peer (P2P) insurance models, which can spread cyber risks more broadly, reducing the risk of catastrophic accumulation.
Nexus Mutual, built on the Ethereum blockchain, offers a decentralized insurance alternative. While not solely focused on cyber risks, their peer-to-peer model helps diversify and manage risk accumulations, showcasing a practical use of blockchain in risk spreading.
What we look for
We at Start Ventures have been diving deep into this vertical and have found some characteristics that we believe is key to win in cyber insurance.
Firstly, we cannot emphasize enough the significance of a founding team. A team that has a profound grasp of both the cyber realm and the intricate nuances of the insurance industry is pivotal for triumph in this space.
Strategic distribution is a cornerstone of success in the cyber insurance sector. It’s about leveraging the right channels to ensure that the insurance offerings reach the desired audience in the most effective manner. This might involve tapping into emerging digital platforms, forming partnerships with complementary services, or integrating within established ecosystems where potential clients already operate.
Within the cyber insurance vertical, the capability to amass high-quality and relevant data is a significant differentiator. But it’s not just about volume; it’s about the richness and actionable insights derived from this data. Companies with a robust strategy in harvesting, analyzing, and leveraging data can establish a distinct advantage, creating a formidable barrier against competitors.
Distribution of Cyber Insurance policies for SMEs is a hot topic in this industry. A survey by Markel in late 2021 found that over half of small-to-medium enterprise (SME) respondents had fallen victim to a cybersecurity breach. The increase in hybrid working, as well as limited in-house expertise, has left SMEs increasingly vulnerable to cyber-attacks. However, according to Segwick, less than 20% of SMEs have purchased cyber-specific insurance coverage.
In the domain of cyber insurance for SMEs, it’s crucial to consider the economics of customer acquisition. Given that SMEs typically have a smaller lifetime value (due to their size), finding cost-effective ways to distribute policies becomes essential. An effective approach here is embedding insurance distribution within processes where SMEs are likely to consider cyber insurance. This streamlines the acquisition journey, making the insurance product more attractive and relevant to the SME’s needs.
Moreover, with many SMEs operating without a dedicated tech or IT team, it’s imperative that cyber insurance solutions are not only user-friendly but also intuitive. This means that insurtech solutions should empower SMEs to manage and understand their cyber risks without the need for specialized knowledge or an IT department. Essentially, the less technical the process, the better it is for SMEs.
As cyber threats continue to escalate in scale and complexity, the importance of cyber insurance becomes ever more evident. However, since cyber-attacks are a new and volatile risk, insurers will face a lot of challenges and even obstacles in this growing business line. It is crucial that Insurtech and traditional insurers collaborate to not only revolutionize the cyber insurance market but also to build a resilient digital ecosystem.
By: Nuno Afonso, Analyst