Should you outsource your response to silent cyber?

Some insurers are specifically allocating internal resources to address silent cyber, while others are outsourcing it, speakers noted recently at NetDiligence’s Cyber Risk Summit in Toronto Feb. 21.

Melinda Parker Thompson, an underwriting specialist with Allianz Global Corporate & Specialty (AGCS), told attendees the insurer is specifically looking at silent cyber across its portfolio. “A number of insurers are going that route,” added panellist Alexandre Tsinos, who does treaty reinsurance broking with Aon.

Parker Thompson said AGCS is looking internally at how much it should allocate to silent cyber to “really allocate money to that exposure, starting building that book of business off it.”

If claims do come in and the approximate cause is the cyber as the trigger, “you can now actually see what that’s doing for your portfolio,” Parker Thompson said during the session Non-Affirmative Cyber. “It allows us to get into the reinsurance piece a little bit more confidently and gives us a bit more leverage in those discussions. That’s the phase we’re working towards right now.”

Silent cyber refers to whether cyber coverage could be read into policies where cyber was not specifically excluded.

From left: AGCS’ Melinda Parker Thompson, Aleksandra Tarkowska of Munich Re, Akin Dirk from Guidewire and Alex Tsinos from Aon during a panel discussion at NetDiligence’s Cyber Risk Summit.

Tsinos said the level of allocation of silent cyber resources differs by insurer. “Some insurers have the view that they wish to in-source that project as much as possible and a lot of insurers actually… don’t have the capabilities to do it internally, or the resources,” he said. “In a different market cycle, their attention is turned elsewhere in terms of profitability concerns and they choose to outsource that. It’s not a long-term end game, but there is a way to guide insurers towards an affirmation of cyber across the breadth of their product suite.”

Until insurers reach that level of affirmation across the entire portfolio, there is a silent cyber product available through Lloyd’s capacity in the interim, Tsinos reported. Aon has been discussion in Canada with a few markets’ insurers; it has placed about a half dozen silent cyber products in North America, primarily out of the United States, he added.

“It is there as a stop-gap,” Tsinos said. “The coverage is available. It’s there and it’s effective.”

From a reinsurance standpoint, Tsinos said he hasn’t encountered any difficulty in placing treaties that include silent cyber. He has faced some differences in interpretation by a small number of reinsurers that question whether or not cedents are using exclusionary language and more affirmative language in their contracts. “So far, for the most part, the standard [Insurance Bureau of Canada] language for data exclusion has been sufficient to resolve those subjectivities.”