New opportunities for commercial brokers in cyber

Brokers selling commercial insurance need to ask clients what they use their computers for and what happens if they lose access to that data, an executive with a Bermuda insurer says.

Computer security (also known as cyber) risk, “will impact every type of business eventually,” Dan Trueman, global head of cyber for Bermuda-based commercial insurer and reinsurer Axis Capital Holdings Ltd., told Canadian Underwriter Thursday.

Brokers need to get a good understanding of the extent to which their clients depend on their computer systems, what they depend on them for and what happens if they lose access to their computer systems in a malware attack for example, suggested Trueman, who is based in London, England.

Axis – which has a Toronto branch office – announced April 16 the launch of its Cyber Center of Excellence, whose services include cyber risk consulting. Axis plans to roll out those services in all countries where Axis operates.

“People are facing a new risk,” Trueman said in an interview. Cyber risks include privacy breaches and losing access to data that clients need in order to conduct business, he added.

“We know we need to understand more about it but we are not asking questions about it and I think the broker has a great opportunity,” to get a better understanding of their client’s cyber risks, he said.

Risks include business interruption and the liability risk of getting sued if someone’s privacy is violated for example.

Axis officials want to go beyond “selling fear” by educating clients on how to mitigate risk.

“The brokers are the first step to understanding what the risk is to transfer,” Trueman said.

In addition to cyber risk education, Axis is now offering cyber risk modelling, the company said in an April 16 press release.

The costs of cyber incidents “are increasingly becoming easier to model,” Trueman told Canadian Underwriter, referring to the severity – or the dollar value loss – of given events.

“We have enough data on a lot of events now that we can tell [for example in a data privacy breach] if many records are breached, what the likely cost of that is” with some margin of error, he said.

“What is difficult is to model the frequency of those events and to look at what actions and inactions create greater frequency,” Trueman said in an interview. “That is one of the greatest challenges of modelling.”