There’s a huge opportunity for Canadian brokers during this hard market and it’s hidden in plain sight — cyber insurance.
Cyber protection has been a dominant fixture in industry discussions for the past several years. The product has evolved considerably, and sales have nearly quadrupled over four years since the Office of the Superintendent of Financial Institutions (OSFI) started keeping track of premium sales in cyber lines. The industry sold about $15.7 million in net cyber insurance premiums in 2015, and that number shot up to $74.7 million in 2018.
But there is still a significant protection gap to fill in cyber insurance, as the industry has been making loud and clear at industry events this week.
“There’s an opportunity for us to serve the public and to play a bigger role,” Paul Kovacs, founder and executive director of the Institute for Catastrophic Loss Reduction (ICLR), said at Canadian Underwriter’s Top Broker Summit in Toronto Monday.
“We’re playing a much bigger role,” he observed, qualifying his remarks. “There are more commercial customers that know about this product. More boards are demanding this form of coverage. There’s been a big movement, especially with large commercial customers, to buy [cyber] insurance coverage. But there is a need identified in the literature that is much larger than how far we have come. We’re just at the beginning.”
Insurance Bureau of Canada president and CEO Don Forgeron put the cyber opportunity into numbers at the IBC’s Commercial Insurance Symposium in Toronto Thursday.
A recent study of Canadian businesses conducted by IBC found that more than 40% of Canadian small- and medium-sized businesses (fewer than 500 employees) still have no defenses at all against potential cyber intrusions. And a full 60% have no insurance to help them recover from an attack.
As of December 2017, there were 1.18 million employer businesses in Canada, according to StatsCan. Of these, 1.15 million (97.9%) were small businesses (under 100 employees), 21,926 (or 1.9%) were medium-sized businesses (100-499 employees) and 2,939 (0.2%) were large businesses (500 or more employees). Applied to the StatsCan data, IBC’s numbers would suggest that the P&C industry has a market of 703,156 small- or medium-sized businesses that need cyber insurance coverage in Canada.
“This is just one of the many evolving concerns in commercial insurance,” Forgeron said in prepared remarks delivered to the conference Thursday. “One of the big issues facing any commercial enterprise regardless of size today is the risk posed by potential threats to cybersecurity.
“This threat is constantly evolving, which makes it difficult to model with accuracy. I’ve heard one insurance executive put it this way: ‘Hurricanes don’t learn – but cybercriminals do.’ In other words, they get smarter. They find and exploit new vulnerabilities.
“Our challenge is clear: Just like businesses, we need to stay on top of this. We need to make sure we’ve got the people we need to understand, assess and price the risk involved in cyber-related activities. We need to help our commercial clients better grasp and manage their potential vulnerabilities – and protect themselves in the event of a breach.”
The challenge will be especially prominent with the implementation of 5G wireless technology in the coming years, Forgeron added, which is only going to present more targets for cybercriminals. “More opportunities, more potential vulnerabilities,” he said. “And possibly wider and more significant consequences when an attack is successful.”
That vulnerability does have insurers concerned about the major cyber disaster that takes out IT networks governing critical infrastructure – hospitals, hydroelectric dams, nuclear power plants, etc.
Some insurers are concerned about a single catastrophic cyber loss that affects multiple victims, costing the industry billions of dollars’ worth of claims payouts, Patrick Bourk, principal and national cyber practice leader for Hub International Ontario, observed during the Top Broker Summit.
Forgeron indicated in his speech Thursday that governments are seeking public input, and that insurers have been sought to provide input about cyber risks and protection.
“So, we’ve all got our work cut out for us – insurers and their clients alike,” Forgeron said in his prepared remarks. “Together, we should consider a larger role for the industry – a role that focuses on education, sharing what we know about the risks that all businesses now face and trying to bring together stakeholders to better defend the corporate world from cyber attack.”