What the P&C industry is telling Wall Street about cyber risk

Commercial insurers are taking a good look at their exposure to widespread cyber events and some are forming partnerships with tech vendors in the hopes of improving their clients’ cyber risk management.

“The next pandemic – the exposure that looks like a virus – is cyber-related because it has no geographic or time boundary to it,” said Evan Greenberg, CEO of Zurich-based Chubb Limited, during a recent earnings call. “We have seen a number of events over recent years that give a glimmer of that. So [cyber risk] is complicated and the product has to evolve to recognize that kind of exposure both on the frequency side and the severity side.”

During a Feb. 5 conference call discussing Chubb’s 2020 financials, Greenberg told investment banking analysts that the inter-connected business world is changing the cyber loss environment. This is especially true with many employees working from home as a result of the COVID-19 pandemic.

It was not the first time this earnings season that stock-and-bond analysts asked questions about cyber risk during an insurer’s earnings call.

Axis Capital Holdings Ltd. CEO Albert Benchimol was asked to explain how his firm manages its exposure to insured cyber losses such as ransomware.

“We are making sure our customers have much better cyber hygiene,” Benchimol said Jan. 28 during the conference call discussing his firm’s 2020 financials. “We have partnered with a number of technology companies to ensure that our clients are both better educated about cyber risk prevention as well as recovery. We have increased prices. We have changed terms and conditions.”

Axis is also ceding more of its cyber risk to reinsurers, suggested Benchimol. Axis writes both reinsurance and commercial primary specialty worldwide.

Ransomware either prevents or limits users from accessing their system, KPMG explains, quoting Trend Micro. Ransomware either locks the system’s screen or locks the users’ files unless a ransom is paid.

Backing up computer files is one way clients can defend against ransomware, Ernst & Young advises.

For its part, managing general agent Ridge Canada Cyber Solutions Inc. encourages brokers to talk to clients about how they can improve their cyber risk and improve their processes.

A broker could ask a client how it educates its employees on basic precautions – such as how to choose good passwords and to avoid clicking on links or opening attachments if they seem suspicious, Ridge Canada CEO Greg Markell told Canadian Underwriter earlier.

“It truly does start with the culture of the client,” Markell said in an interview in 2019.  “When we have those discussions, you get a different perspective around the underwriting. You are not just looking at an application and seeing ‘Yeses’ and ‘Nos’ checked off at that point. You are truly getting your hands dirty with the client, finding out what sort of receptiveness they have, whether they are taking (information security risk) seriously, and frankly you can make a judgement on governance at that point.”

Feature image via iStock.com/matejmo