November 18, 2015 17:12 ET

Setting the Risk Appetite for Cyber Insurance

Interview With Ryan FitzSimmons, Assistant Vice President, Underwriting, Great American Insurance

NEW YORK, NY--(Marketwired - November 18, 2015) - There has been an unprecedented increase in cyber attacks on financial and nonfinancial institutions. As a result, companies are looking for cyber insurance to protect themselves from huge financial, legal and reputational damages as well as the regulatory scrutiny. Insurers have a great opportunity today to grow the customer base and revenues by offering cyber protection coverage but the area is new for them and development of these new products and policies has proved to be very challenging.

Mr. FitzSimmons, Assistant Vice President, Underwriting at Great American Insurance recently spoke with GFMI about key topics to be discussed at their Optimization of Insurance Products and Policies for Cyber Risk Conference, February 22-24, 2016 in New York, NY.

Why is Cyber Risk such a key issue for insurers at this time?

RF: I think there are two primary forces at work here. First, this is a tremendous avenue for growth as many are predicting global cyber risk premiums to exceed $10B in the not too distant future. It's a little early to pick the ultimate winners and losers in this space, but, from a competitive standpoint, it's obvious that if we don't offer solutions to help our policyholders address and confront the risks related to data and privacy then our competitors certainly will.

Secondly, the stakes are extremely high when insureds don't manage these risks comprehensively. Losses from cyber related events and shortcomings show up in many difference product lines, many of which that have not historically contemplated and priced for those scenarios. Take for example Directors' and Officers' Liability. Only recently did D&O underwriters begin to understand the financial implications of poor network securities, however, the Target data breach and subsequent shareholder derivative lawsuit has ushered in a new battery of questions that underwriters are using to try and understand and price these risks. So, while there is a tremendous opportunity for growth, there are also a lot of opportunities to make mistakes.

How'd you like to fund both Target's data breach remediation and their shareholder settlement? Would doing a good job on the former help minimize the latter? And that's just one example. Understanding how those risks and others are related, recognizing and managing the aggregation points, and at the same time helping agents and insureds to appropriately identify and minimize those risks will have major implications for Insurers top and bottom lines.

At the conference you will discuss how to model and price premiums. What are the effects of the lack of standardization when it comes to the pricing of premiums?

RF: The lack of standardization in pricing models is resulting in large variations in both pricing and terms and conditions within the cyber risk insurance marketplace. It's also making it difficult for agents to explain to buyers what underwriters are looking for in terms or what constitutes a big risk or a small risk or even a good risk as opposed to a bad one. When insureds don't feel like the price they pay is reflective of their risk they don't buy insurance, it's as simple as that. Until we can standardize some of these pricing elements, we are going to struggle to sell policies to the vast majority of businesses.

Why do you think there are so many grey areas surrounding cyber coverage and what impact is this having on the industry?

RF: This is a relatively new product. In the grand scheme of things 10 or 15 years of 5% or fewer companies buying coverage is not a lot of data points to analyze. As a result, insureds don't have a ton of confidence that the form will respond as intended and many insurers lack confidence that their rates will generate profitable results over time. Sprinkle in the speed with which criminals and state actors are able to develop new and clever ways to exploit weaknesses and monetize what they get can their hands on and its pretty easy to see that we've got a long ways to go toward better underwriting approaches and better articulating exactly how the policy is intended to respond.

What does the future of cyber risk insurance look like?

RF: This is presently a market in flux. We're already starting to see many markets make significant adjustments to rates, terms and conditions, and appetite so I think it's safe to say the future will look very different from the past. There will likely be a culling of the herd as some of the more recent, less committed capital exits the mono-line marketplace and, at the same time, I think it's very likely that many rider/endorsement based solutions that give on one hand and take away on the other will continue to be attached to various other product lines.

The elimination of sublimits is already well underway and is likely to continue and longer term should clear the path for a more standardized approach to the way policies are organized. However, there will always be industry specific niche players with more tailored products than those offered by generalists.

What do you think attendees will gain from attending this meeting?

RF: I think there is a lot of fear mongering taking place right now and I think many prospective buyers are sceptical as a result. If there really are only two types of companies out there, those that know they've been breached and those that don't, then why are their 50+ markets for this coverage and another offering or two coming out every month? Insurers are notoriously averse to areas where everyone gets a claim, just ask Florida homeowners looking for wind storm coverage. I think attendees will gain insights that will help them cut through that kind of noise and better understand the real challenges agents and insurers are presently faced with in terms of better developing and really maximizing this opportunity.

Ryan FitzSimmons -- AVP, Underwriting, Great American Insurance Group's Executive Liability Division (ELD) -- Ryan is a graduate of the University of Cincinnati (2001) where he earned a B.A. in Business Economics and graduated Magna Cum Laude. He joined Great American's Executive Liability Division (ELD) in 2002 and in 2007 transitioned into his first product management role. In 2010, Ryan assumed responsibility for managing ELD's MGA/MGU distribution channel, most notably as relationship manager and referral underwriter for a large book of Cyber Risk & Media Liability Insurance. In 2014 ELD launched an in-house cyber product, Cyber Solution, under Ryan's direction and his present role is primarily focused on leading Great American's effort to establish Cyber Solution as core part of ELD's management liability portfolio. Ryan, his wife Kim, and their son Colin (10) live in Schaumburg, IL.

For more information about the Cyber Risk Conference, please click here to download the conference agenda.

About Global Financial Markets Intelligence

GFMI is a specialized provider of content-led conferences for the financial markets. Carefully researched with leading financial market experts, our focused quality events deliver key bottom-line value through targeted presentations, interactive discussions and high-level networking opportunities.

Contact Information