Insurance Commerce in the Cyber Age My 2nd Insurance Book Project [Updated April 13, 2023]


As some of you know and now those of you who read this post will know, I’m going to write a 2nd book. I have tentatively titled this book “Insurance Commerce in the Cyber Age”. I’m striving to provide value to the insurance industry with the focus being conducting P&C insurance commerce with commercial and personal lines clients.

(My first book is titled “From Stone Tablets to Satellites: The Continual Intimate but Awkward Relationship Between the Insurance Industry and Technology” and is available on Amazon in Kindle, Audible, Paperback, and Hardcover formats.)

Wells Media will again edit and publish my book. I continue to appreciate Patrick Wraight’s and his colleagues’ help at Wells Media Group to edit and otherwise move my book from ideation to being published for the insurance industry.

Cyber Age

The Cyber Age has a multiplicity of factors including, but certainly not limited to: cyber insurance; self-insurance; auditing, monitoring, remediation, incident response, and (active) preventative services; emerging technologies and their applications; government regulations; and human behaviors and actions. Cyber exposures will continue to grow (exponentially?) as they spread – at times, in a “how the hell did they do that?” fashion – through an ever-expanding multi-dimensional attack space impacting consumers, corporations, and governments.

As my reading progresses and is augmented by the comments of cyber professionals graciously accepting my LinkedIn invitations, I believe there are 11 macro facets of the cyber age (see visual):

I plan to discuss each of the 11 macro facets – and how they are interdependent and/or shaping the cyber age – in detail in my book. Readers of my first book won’t be surprised that I will again have several visuals in the book. Text on its own is too bland (for me) to guide me on my journey to write whatever topics I am focused on.

This blog post encompasses my:

  1. High-level timeline plan
  2. Audience for the book
  3. Discussion objectives
  4. More detailed plans for the 2nd book
  5. Cyber insurance beliefs.

My high-level timeline plan

Here is my high-level timeline plan:

  1. Conduct research throughout 2023. This includes gathering source materials, analyzing them, synthesizing my analysis into (hopefully) cogent notes and ideas; getting briefings from:
    • cyber insurance / risk participants including (re)insurance carriers, brokers, and MGAs,
    • cyber risk service / monitoring service providers,
    • cyber information brokers, modeling and predicting (cyber risks), and other cyber analytical participants
  2. Still in 2023. Framing (and re-framing) the sections and chapters of the book. I’d like to include profiles of some of these firms briefing me in the book but that depends entirely on getting their approval for their company’s content I’d want to include. I’ll also write WordPress blog posts from time to time during 2023 as a way to test my ideas with other people and with myself.
  3. Draft the book during 2024. I expect that I will do several rewrites throughout 2024. My writing process includes creating PowerPoint visuals. As my readers and Wells editors know from my first book, I’m a visual person. I need to create or find a diagram of various situations (e.g., the flow of insurance commerce) to understand where cyber risks do or could exist. I’ll work with my editor (Patrick Wraight) sending him both progress reports and my initial drafts for his feedback during 2024.
  4. Have the book published by Wells Media in 2025: I plan to send my final draft to Wells Media in early 2025, collaborate with Patrick Wraight to work through his edits and suggestions (and rewrites where necessary) until he is satisfied the book is ready to be published, and turn over our collaborative result to him. At that point, the book will be in his court to do his final edits and for his team to perform their magic to publish the book.


Audience for the book

I’m from the business side of the insurance industry and I write for insurance business professionals.

Specifically, the audience for my book is insurance industry business professionals involved in cyber insurance commerce. That includes professionals working for (re)insurance carriers involved in pricing; product development; underwriting; claims; customer service; and marketing, distribution and sales. But it also includes professionals working in the expanding ecosystem of cyber advisory service firms providing monitoring, auditing, remediation, analysis / modeling, incident response, and prevention services.

Discussion Objectives

I have always loved to research current and emerging technology since I began working in the insurance industry in the mid-1960s. I have always been on the business side of the insurance industry (other than 4 or so years focusing on computer security and privacy in the SAFARI department of Aetna Life & Casualty in the early 1970s).

Since 1997, I was given the opportunity to become an insurance industry technology analyst and launched and/or guided insurance strategic services at technology analyst firms in the US (The META Group, IDC Financial Insights) and the UK (Omdia but called Ovum when I worked there). The theme running through all of these experiences has been to analyze how current and emerging technology – and its associated applications – does or could impact insurance industry structure as well as insurance commerce and operations to get-and-keep customers. These experiences informed my first book and will inform the second book.

I intend to discuss (some of) the expanding cyber risk attack space impacting personal and commercial lines insurance commerce. My discussion will include current and emerging insurance cyber business commerce models and the associated expanding ecosystem of providers of various cyber advisory services.

My discussion will also include cyber risks facing P&C insurance carriers themselves as participants in the insurance commerce processes. This is definitely a situation where “what is good for the goose is good for the gander”.

For me, this includes discussion not only of the P&C insurance commerce models but also of the growing importance of:

  1. D&O insurance for corporations who are – or could be – impacted by cyber risks (whether they purchase cyber insurance or not)
  2. E&O insurance (inclusive of Media Liability) for the applicable corporations who are – or could be – impacted by cyber risks (whether they purchase cyber insurance or not)
  3. E&O insurance for P&C insurance channels (and carriers?) selling cyber insurance
  4. D&O and E&O insurance for firms providing cyber risk monitoring / auditing / remediation services.

This is one of several junctures where I will need assistance from Wells Media’s Insurance Academy discussing which P&C insurance lines of business do or could come into play (Professional Liability?) in my discussion of the (known and possible) risks associated with insurance commerce in the cyber age.

I’d like to include, if the data is available, a discussion of which (re)insurance companies are providing cyber insurance policies, the nature of the cyber insurance coverage, for what range of premium, with which terms, conditions, and restrictions. Where possible, I want to discuss the 3- or 5-year trend of the cyber coverage and its concomitant premium range as well as terms, conditions, and restrictions.

More detailed plans for my 2nd book …

I plan to reach out to:

  1. Technology industry analyst firms. The cyber age, for me, rests on the changing digital infrastructure that is continually reshaping our markets and customer expectations. I discuss in my first book that we are now living in a mobile, digital, web-accessible, cloud-enabled marketplace: those terms are how I define the “cyber age”. Trends and challenges of each of those five elements (the 4 technology elements plus the consumer / corporate behaviors of the marketplace) both define and introduce new cyber risks or change existing cyber risks.
  2. (Re)insurers offering cyber insurance coverage
  3. MGAs and brokers selling cyber insurance coverage
  4. Technology and Telco firms offering solutions to insurance companies, brokers, and MGAs to support their marketing, distribution, and sales and service of cyber insurance
  5. Information firms with cyber risk data for various attack spaces
  6. Cyber advisory service firms providing monitoring / auditing / analytical / modeling / remediation / preventative services
  7. Other firms that I identify through my research and/or from suggestions from my LinkedIn members, my contacts at Wells Media, and other contacts.

Cyber Insurance Beliefs

What’s driving me to write this book?

For me, cyber risks feel like terrorism risks.

That feeling drives my foundational beliefs:

  1. Within the next 5 – 7 years, insurance carriers will provide less and less cyber insurance capacity by:
    • ceasing to offer cyber insurance coverage
    • lowering the limits of cyber coverage they offer
    • continually tightening the terms, conditions, and restrictions of their cyber insurance coverage
    • increasing premiums to lessen their cyber-related losses, expenses, and combined ratios.
  2. Cyber risks are on the path to become high frequency and high severity, if they’re not there yet.
  3. Catastrophic cyber risks, and other systemic cyber risks, are uninsurable by insurance companies.
  4. The cyber “protection and remediation” market is one where insurance companies will have a diminishing role. Other actors will have to take on an increasingly important, larger role:
    • The Federal Government (and the EU and other national governments) will have to take the largest role to provide a financial backstop for companies
    • The ecosystem of cyber advisory service providers will take on an ever-increasing important role working with consumers and corporations who have been, are, and will be targets in the attack space (e.g. every consumer and corporation)
    • Consumers and corporations will have to take on the basic, and continual, role of protecting their own cyber security (with the help of firms in the cyber service ecosystem and with the financial backstop of their federal / national government). Corporations, specifically, will need to increase their retention levels (both financial and self-protection [which, when skills, experience, and other resources required for protection are factored in, are essentially “financial” by another name and instantiation]).

My beliefs may change as I progress through my research and briefings. However, 40+ years of working in the insurance industry has grounded me in the inconvenient fact that just because a risk exists doesn’t mean that the insurance industry should offer coverage for the risk.

Begun week of January 9, 2023

I began work on this 2nd book effort during the week of January 9, 2023.

I am continuing to identify and collect source materials; reading comments from cyber professionals on LinkedIn; and crafting an initial framework for the book.

I would appreciate any comments and direction you want to offer me as I pursue this project. I would also appreciate any firms volunteering to brief me and/or to be included in my book in the 2nd half of 2023. You can respond to this blog post or email me:
