Four ways aggregated cyber data can help the London Market

23 September 2020

The lack of relevant and credible cyber insurance data remains a huge challenge for the Lloyd’s and wider London Market, making it difficult for companies to make informed decisions around cyber risk.

Cyber insurance claims have doubled since 2017 to approximately 18,000 in 2019¹, according to AM Best, although the ratings agency suggests the results may be understated due to a lack of standardisation in cyber policies and reporting, along with the use of captive and surplus lines insurers to write cyber coverage.

GettyImages-902601546_teaser

Lloyd’s of London–a market with around 77 insurers providing cyber risk insurance solutions² –accounts for approximately a quarter of the global cyber risk market share, with most of this business coming from the US³. At the start of this year, Lloyd’s set out a new requirement for all policies to be clear on whether coverage is provided for losses caused by a cyber event⁴.

While cyber insurance in the London market is growing fast, different strategies by market participants towards cyber insurance is leading to inconsistencies both in modelling and products offered to clients.

The Verisk Cyber Data Exchange aims to address this by aggregating cyber insurance data from across the industry and providing summarised metrics delivered via interactive dashboards back to participating companies.

To date, the Cyber Data Exchange contains significant assets including:

1 million transactions
Over 100,000 policies
Over $300 million in premium
Over 1,000 claims

Here are four ways aggregated cyber data can help London market companies manage their cyber insurance portfolios.

1. Develop products with more credibility

While other insurance perils have the benefit of years of historical claims data, cyber risk is still in its infancy, and there’s a lack of data around losses to support the growing number of different coverages.

While there are many different vendors that offer cyber risk modelling, when you compare the outputs of vendors side-by-side the results are wildly different. At the 2019 NYC Advisen Cyber Risk Conference, a comparison of different cyber aggregation models found huge discrepancies in the probable maximum loss for different cyber risk scenarios such as mass data breaches, cloud outages, and mass ransomware⁵.

Verisk aims to develop credible and relevant data through its Cyber Data Exchange, whereby companies participating will submit historical data for the past six years and subsequently on an ongoing basis.

Once the Cyber Data Exchange attracts a critical mass of companies and gross written premium, summarised industry business intelligence will be available for all members – including Lloyd’s syndicates. To date, six companies have joined the exchange, with a further five in the pipeline and over a dozen more that have expressed interest in participating. Verisk plans to release industrywide stats to participants as early as Q1 2021.

2. Encourage greater market penetration

Cyber insurance penetration remains comparatively low against other insurance perils which is in part due to the lack of understanding around cyber risk.

A report from AIR Worldwide and Lloyd’s in 2018 estimated that a failure of a top cloud service provider in the U.S. for three to six days could cost the US economy $15 billion and insurers up to $3 billion, which highlighted a significant protection gap. The report also highlighted that the penetration of cyber insurance is estimated at less than 30 percent in the U.S., and much lower in the UK and other countries⁶.

Low insurance penetration means less access to data, which can lead to low underwriting confidence. The low confidence in underwriting can lead to restricted coverage options and buyers doubting the value of insurance, creating a vicious cycle.

Having access to industrywide metrics such as frequency, severity and trends across different dimensions can be very beneficial to companies that are analysing their portfolios or developing quantitative models. Actuaries can take advantage of Verisk’s Cyber Data Exchange to develop risk selection or pricing tools, support rate filings, conduct reserving analyses and perform profitability reviews of their book of business.

3. Enrich your data and improve strategic decision making

London market underwriters may have difficulty evaluating the cyber risk on new submissions, especially for classes of business of organisation sizes they may not have previously been exposed to.

The full cost of a cyber-attack can often be difficult to establish, and cyber policy forms and coverages can vary significantly from company to company. Coverage may relate to business interruption, extortion, incident liability, data recovery costs or incident response costs, for example.

Having access to summarised industry cyber data can help you more easily define trends between the different types of incidents and coverages.

The Cyber Data Exchange captures highly valuable claims information including attack vector, actor involved, asset(s) compromised, and what coverages were triggered.

The exchange gives users access to interactive dashboards with industry loss ratio heatmaps for different industry classes and revenue range buckets (i.e. >$10 million, $10m-$50m, $250m-$1bn etc). You can see which segments of business have higher and lower loss ratios and the underlying premium amounts, which can help users identify more profitable business.

4. Benchmark your results while retaining anonymity

A cyber-attack is usually a sensitive issue for all parties involved, however the lack of transparency around cyber risk and its associated data can hinder insurers’ abilities to confidently grow in this space.

The Cyber Data Exchange has been built to aggregate and anonymise data around the industry to encourage root cause analysis of their portfolios to help identify what may be driving their results and why they may diverge from the broader industry.

Companies that participate in the Cyber Data Exchange can compare metrics for their own portfolios to aggregated industrywide metrics based on data from all other participating companies in order to better understand how they compare.

You can view your company’s claim sizes by classes of business (i.e. education, finance, manufacturing, healthcare) against the average industry claims by class. You can also view the average written premium per policy and see how this has developed over time.

The metrics available to participating companies include:

Incurred loss ratio
Claims frequency
Loss severity
Average loss cost
Average written premium

These metrics are available across different dimensions, including policy/calendar year, type of coverage, NAICS (North American Industry Classifications Systems), different revenue ranges and policy limit ranges.

Anonymity is guaranteed as Verisk de-identifies all submitted company data to ensure the source of the data is not revealed to other participants. Companies contribute data in a manner that’s most convenient for them, and there is no requirement to submit every field. However, in order to maintain equity and encourage complete data reporting, companies will only have access to the summarised data elements that they report themselves.

Participating in the Cyber Data Exchange

The Cyber Data Exchange is available to anyone in the insurance value chain, whether that be reinsurers, brokers, syndicates, MGAs, excess & surplus or admitted insurers.

It’s an integral component of Verisk’s suite of cyber solutions, which includes risk aggregation modeling, risk assessment and scoring, coverage forms, rules, and loss costs, and electronic ratings content.

To find out more please email me at Ben.Churney@verisk.com

Profitability Less Certain in U.S. Cyber Insurance Market as New Risks Emerge, AM Best, July 21, 2020, < http://news.ambest.com/presscontent.aspx?refnum=29635&altsrc=9 >, accessed 25 August, 2020
Cyber products at Lloyd’s, Lloyd’s of London,
< https://www.lloyds.com/about-lloyds/what-lloyds-insures/cyber/cyber-products >, accessed 25 August, 2020
Scrutiny of Management Approach Increases as London Cyber Insurance Market Grows, AM Best, March 2, 2020, < https://www.businesswire.com/news/home/20200301005060/en/Best%E2%80%99s-Special-Report-Scrutiny-Management-Approach-Increases >, accessed 25 August, 2020
Y5277 – Update – Providing clarity for Lloyd’s customers on coverage for cyber exposures, Lloyd’s of London, < https://www.lloyds.com/~/media/files/the-market/communications/market-bulletins/2020/1/y5277-update--providing-clarity-for-lloyds-customers-on-coverage-for-cyber-exposures.pdf >, accessed 25 August, 2020
2019 NYC Advisen Cyber Risk Conference - Comparing and Contrasting Cyber Aggregation Models
‘Cloud Down: Impacts on the US economy’, Lloyd’s and AIR Worldwide, < https://www.lloyds.com/news-and-risk-insight/risk-reports/library/technology/cloud-down > , accessed 25 August, 2020