

Cyber Risks and Reinsurance
August 26, 2016
By Simon Cook
Senior Underwriter, Reinsurance - London, AXA XL
We are also seeing Bankers Blanket Bond and Crime forms being extended to clarify cyber exposures. While cyber is not excluded on PI policies (although we see the coverage sublimited), it almost certainly would be indemnified as the original wording is written on a civil liability basis.
In terms of D&O, since there is no perceived first-party exposure, a claim would have to rely on D&O negligence or a class action alleging that proper security procedures were not in place. Some suits along these lines have been filed, but so far none has been successful. For example, after a major U.S. retailer experienced a massive breach, a class action was filed alleging that the board had contravened its fiduciary duties by not having the necessary defences in place to protect the company from a cyber-attack and its consequences. This suit was dismissed in July after an independent Special Litigation Committee investigation advised that it was not in the company’s best interest to pursue derivative claims against the officers and directors.
Another challenge is that reinsurance treaties currently lack appropriate exclusions for cyber risks. The CL380, for example, is standard in Marine and Energy treaties, and on original policies, but competitive pressures are pushing some brokers and clients to insist it be removed. However, by just deleting an exclusion, are we providing the appropriate coverage in a very technical class? The Lloyd’s Market Association and International Underwriting Association are both keen to develop reasonable exclusionary language, but if we exclude it now, are we positively affirming there was coverage in the past? Also, in a challenging reinsurance market clients and brokers are unwilling to accept exclusions, and given the evolving nature of cyber-crime, an exclusion crafted today could be obsolete in six months. In this case, it seems likely that the cyber market will develop in a fashion similar to the terrorism market after September 11th. That is, as more tailored cyber coverages are developed and the market matures, reinsurers should be able to incorporate suitable cyber exclusions into the coverages for traditional classes.
Expertise and Monitoring Are Critical
If aggregation control is under the spotlight in insurance, the concerns are magnified in reinsurance. However, risk coding within Lloyd’s is improving, as is how we apply our exposures to Realistic Disaster Scenarios. And our in-house software enables us to monitor our exposure to individual risks on an original client basis. It will be some time, however, before we can fully monitor exposures to third-party service providers, cloud users and owners. In the meantime, we have regular meetings with our clients to understand how they assess risk, and conduct regular audits to ensure original policy forms are not broadening.
There is also the potential for aggregation from cedants backing consortiums and MGAs. From the client’s perspective, this can be a great way to access the business without incurring expensive setup costs. For a reinsurer, however, that could mean more exposure collectively to the consortium than the exposure individual consortia members face if they back multiple partners. And in these instances, clients also need to consider carefully whether they are comfortable ceding underwriting control in such a complex and high-profile class.
So where does that leave reinsurance? Our clients’ expertise is crucial. Direct insurers regularly work with clients to improve their risk management capabilities and practices. As reinsurers are a step removed from the original policy, our focus is ensuring we back experts rather than follow capacity without proper underwriting controls for pricing, aggregation and portfolio construction.
Reinsurers also need to be conscious of the constantly changing legal landscape including data protection/privacy laws and breach notification requirements in the territories where our clients are operating. And while upcoming changes to EU regulations could encourage more clients to buy cyber cover, it could take some time for the markets to respond. For reinsurers, the opportunity – and challenge – is to create solutions to help manage and mitigate even the most complex risks. And that certainly includes cyber risks where our immediate challenge is to help clients grow responsibly and without compromising this evolving and increasingly important class of business.