Insurance Commerce in the Cyber Age My 2nd Insurance Book Project [Updated January 30, 2023]

As some of you know and now those of you who read this post will know, I’m going to write a 2nd book. I have tentatively titled this book “Insurance Commerce in the Cyber Age”.

(My first book is titled ” From Stone Tablets to Satellites: The Continual Intimate but Awkward Relationship Between the Insurance Industry and Technology” and is available on Amazon in Kindle, Audible, Paperback, and Hardcover formats.)

Wells Media will again edit and publish my book. I continue to appreciate Patrick Wraight’s and his colleagues help at Wells Media Group to edit and otherwise move my book from ideation to be published for the insurance industry.

The Cyber Age has a multiplicity of facets including, but certainly not limited to: cyber insurance; self-insurance; auditing, monitoring, remediation, and preventative services; emerging technologies and their applications; government regulations; and human behaviors and actions. Cyber exposures will continue to grow (exponentially?) as they spread through an ever-expanding attack space impacting consumers, corporations, and governments.

The main focus of my 2nd book is on insurance commerce in the cyber age.

I have a hunch that focus, along with consideration of the various applicable facets of the cyber age, will be enough to keep me off the streets at night. More importantly, I’m striving to provide value to the insurance industry with the focus being on insurance commerce.

This blog post encompasses my:

  1. High-level timeline plan
  2. Audience for the book
  3. Discussion objectives
  4. More detailed plans for the 2nd book
  5. Cyber insurance beliefs.

My high-level timeline plan

Here is my high-level timeline plan:

  1. Conduct research throughout 2023. This includes gathering source materials, analyzing them, synthesizing my analysis into (hopefully) cogent notes and ideas; getting briefings from cyber insurance / risk participants including (re)insurance carriers, brokers / MGAs, cyber risk service / monitoring providers, cyber information brokers, and other participants; and framing (and re-framing) the sections and chapters of the book. I’d like to include profiles of some of these firms briefing me in the book but that depends entirely on getting their approval for their content I’d want to include. I’ll also write WordPress blog posts from time-to-time during 2023 as a way to test my ideas with other people and with myself.
  2. Draft the book during 2024. I expect that I will do several rewrites throughout 2024. My writing process includes creating PowerPoint visuals. As my readers and Wells editors know from my first book, I am a visual person. I need to create or find a diagram of various situations (e.g. the flow of insurance commerce) to understand where cyber risks do exist or could exist. I’ll work with my editor (Patrick Wraight) sending him both progress reports and my initial drafts for his feedback during 2024.
  3. Have the book published by Wells Media in 2025: I plan to send my final draft to Wells Media in early 2025 and collaborate with Patrick Wraight to work through his edits and suggestions (and rewrites where necessary) until he is satisfied the book is ready to be published. At that point, the book is in his court to do his final edits and for his team to perform their magic to publish the book.

Audience

I’m from the business side of the insurance industry and I write for insurance business professionals.

Specifically, the audience for my book are insurance industry business professionals involved in cyber insurance commerce. That includes professionals working for (re)insurance carriers involved in pricing; product development; underwriting; claims; customer service; and marketing, distribution and sales. But it also includes professionals working in the expanding ecosystem of cyber advisory firms providing monitoring, auditing, remediation, analysis / modeling, and prevention services.

I am not writing this for lawyers involved with cyber issues / litigation. I’m not a lawyer and would create “a dog’s breakfast out of it” as our colleagues in Commonweath countries say. However, I’ll contact lawyers involved with cyber insurance, risks, lawsuits, and monitoring cyber-related regulations for assistance whether the lawyers are working for insurance carriers or are plaintiff’s attorneys. However, my blood pressure doesn’t ratchet up when I talk with lawyers working as in-house counsel or otherwise for the insurance industry.

Discussion Objectives

I have always loved to research current and emerging technology since I began working in the insurance industry in the mid-1960s. I have always been on the business side of the insurance industry (other than 4 or so years focusing on computer security and privacy in the SAFARI department of Aetna Life & Casualty in the early 1970s).

Since 1997, I was given the opportunity to become an insurance industry technology analyst and launched and/or guided insurance strategic services at technology analyst firms in the US (The META Group, IDC Financial Insights) and the UK (Omdia but called Ovum when I worked there). The theme running through all of these experiences has been to analyze how current and emerging technology – and its associated applications – does or could impact insurance industry structure as well as insurance commerce and operations to get-and-keep customers. These experiences informed my first book and will inform the second book.

I intend to discuss (some of) the expanding cyber risk attack space impacting personal and commercial lines insurance commerce. My discussion will include current and emerging insurance cyber business commerce models and the associated expanding ecosystem of providers of various cyber advisory services.

My discussion will also include cyber risks facing P&C insurance carriers themselves as participants in the insurance commerce processes. This is definitely a situation where “what is good for the goose is good for the gander”. For me, this includes discussion not only of the P&C insurance commerce models but also of the growing importance of:

  1. D&O insurance for corporations who are – or could be – impacted by cyber risks (whether they purchase cyber insurance or not)
  2. E&O insurance (inclusive of Media Liability) for the applicable corporations who are – or could be – impacted by cyber risks (whether they purchase cyber insurance or not)
  3. E&O insurance for P&C insurance channels (and carriers?) selling cyber insurance
  4. D&O and E&O insurance for firms providing cyber risk monitoring / auditing / remediation services.

This is one of several junctures where I will need assistance from the Insurance Academy discussing which P&C insurance lines of business do or could come into play (Professional Liability?) in my discussion of the (known and possible) risks associated with insurance commerce in the cyber age.

I’d like to include, if the data is available, a discussion of which (re)insurance companies are providing cyber insurance policies, the nature of the cyber insurance coverage, for what range of premium, with which terms, conditions, and restrictions. Where possible, I want to discuss the 3 or 5 year trend of the cyber coverage and its concomitant premium range as well as terms, conditions, and restrictions.

I realize that my discussion should cover cyber risk implications of the interdependent issues of security and privacy. I may have to refocus the book to primarily discuss security. Privacy issues from cyber risks impacting insurance commerce would be fodder for a companion book. (Well, I am semi-retired and enjoying life in Santa Fe, NM.)

More detailed plans for my 2nd book …

I plan to reach out to:

  1. Technology industry analyst firms. The cyber age, for me, rests on the changing digital infrastructure that is continually reshaping our markets and customer expectations. I discuss in my first book that we are now living in a mobile, digital, web-accessible, cloud-enabled marketplace: those terms are how I define the “cyber age”. Trends and challenges of each of those five elements (the 4 technology elements plus the consumer / corporate behaviors of the marketplace) both define and introduce new cyber risks or change existing cyber risks.
  2. (Re)insurers offering cyber insurance coverage
  3. MGAs and brokers selling cyber insurance coverage
  4. Technology and Telco firms offering solutions to insurance companies, brokers, and MGAs to support their marketing, distribution, and sales and service of cyber insurance
  5. Information firms with cyber risk data for various attack spaces
  6. Cyber advisory service firms providing monitoring / auditing / analytical / modeling / remediation / preventative services
  7. Other firms that I identify through my research and/or from suggestions from my LinkedIn members, my contacts at Wells Media, and other contacts.

Cyber Insurance Beliefs

What’s driving me to write this book?

For me, cyber risks feels like terrorism risks.

That feeling drives my foundational beliefs:

  1. Within the next 5 – 7 years, insurance carriers will either stop offering cyber insurance coverage OR continually tighten the terms, conditions, and restrictions of their cyber insurance coverage while simultaneously increasing premiums to lessen their cyber-related losses, expenses, and combined ratios. In short, insurance capacity will become less and less available.
  2. Cyber risks are on the path to become high frequency and high severity, if they’re not there yet.
  3. Catastrophic cyber risks, and other systemic cyber risks, are uninsurable by insurance companies.
  4. The cyber “protection and remediation” market is one where insurance companies will have a diminishing role. Other actors will take on an increasing important larger role:
    • The Federal Government (and the EU and other national governments) will have to take the largest role to provide a financial backstop for companies
    • The ecosystem of cyber advisory service providers will take on an important and growing role working with consumers and corporations who have been, are, and will be targets in the attack space (e.g. every consumer and corporation)
    • Consumers and corporations will have to take on the basic, and continual, role of protecting their own cyber security (with the help of firms in the cyber service ecosystem and with the financial backstop of their federal / national government). Corporations, specifically, will need to heighten their retention levels (both financial and self-protection [which, when skills, experience, and other resources required for protection are factored in essentially “financial” by another name and instantiation].

My beliefs may change as I progress through my research and briefings. However, 40 years + of working in the insurance industry has grounded me to the inconvenient fact that just because a risk exists doesn’t mean that the insurance industry should offer coverage for the risk.

Beginning week of January 9, 2023

I have begin this 2nd book effort the week of January 9, 2023.

As of January 30, I’ll still early days – identifying and collecting source materials; reading comments from a variety of professionals on LinkedIn; and crafting an initial framework for the book.

I would appreciate any comments and direction you want to offer me as I pursue this project. I would also appreciate any firms volunteering to brief me and/or to be included in my book in the 2nd half of 2023. You can respond to this blog post or email me: barryrabkin99@icloud.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.