I have worked for insurance carriers (in marketing / market research areas) for almost 20 years beginning in the mid-1960s, been a management consultant (operational, strategy, and product development gigs) to the insurance industry for almost 10 years, and been an insurance industry analyst since 1997 (focused on the ways current and emerging technologies do or could impact various functional areas of insurance commerce, including customer service, marketing and distribution, target marketing, channel support, and product development).
I am a “creature of the insurance industry”. However, I am not a financial person. No investment banking, no commercial banking, no venture capital experience, no angel investing experience.
After talking to some of my LI contacts, I’ve come to believe there are two major issues regarding cyber insurance:
Issue #1. Can insurers continue to generate combined ratios under 100% as cyber risks continue to evolve to more complex forms? I do not believe primary insurers can do so (even if they give MGAs more ‘power of the pen’). I’ll call this the “insurability issue”.
Note: I’m using and asking the word “evolve” above to carry a lot of weight. The cyber risk space is not static, is not stable, and is not mature. The cyber risk space is still in its extremely early infancy although cyber risks have existed for about 30 years. The cyber risk space is an Nth dimensional space that extends and expands in time-space: each instance a digital artifact (e.g. new or repeat company digital transformations; cloud-deployed functional software solutions; digital documents accessed and used by employees within a corporation or among participants of a corporation’s ecosystem; use of social media; use of web conferencing solutions) is connected to the web; each instance a physical artifact with an IP-sensor (e.g. IoT device inclusive of robots, drones, personal or commercial vehicles with ADAS, AV trucks, personal smartphones or other ‘smart’ devices; smart home appliances) is connected to the web; each instance a sentient entity with an IP-sensor (e.g. human, farm animal) is connected to the web; each instance a NHI is connected to the web; or each instance any two of these are connected to each other and connected to the web. The cyber risk space is continually expanding, evolving, and branching into a vast interconnected and interdependent space that makes The Matrix as understandable as the inner workings of a black hole in space. Yes, I am asking the word “evolve” to carry a great deal of weight.
Issue #2. Can insurers ‘consider’ cyber risk management of the perpetually expanding cyber risk space as a financial instrument to generate the returns they want on their investments – specifically the invested financial capacity they allocate to cyber? I do not know the answer. However, some of my LI contacts, who I respect, say the answer is “yes” regardless of the evolution of cyber risks into more complex forms. Perhaps they are referring to reinsurers or to E&S insurers or to MGAs financially back-stopped by reinsurers or to the reinsurance areas of primary insurers. If they are referring to primary insurers, I disagree. I’ll call this the “financial risk instrument issue”.
Result: My past, current, and future LI posts, comments, and as importantly, the book I’m slowly drafting about insurance commerce and cyber risks will be based solely on my decades of (primary) insurance industry experience and steadfast point-of-view about the “insurability issue” of cyber cover.
However, I remain open to and willing to listen to understand how insurers can achieve their desired returns they want by viewing cyber insurance cover as a financial instrument – and which types of insurers can best accomplish this objective.
Rabkin's Opinions 