Allianz Global Q&A: Cyber insurance trends

December 3, 2021 7:15 AM

A woman works at an Apple Inc. laptop computer on a desk in a children's bedroom in this arranged photograph taken in Bern, Switzerland, on Saturday, Aug. 22, 2020. The biggest Wall Street firms are navigating how and when to bring employees safely back to office buildings in global financial hubs, after lockdowns to address the Covid-19 pandemic forced them to do their jobs remotely for months. Photographer: Stefan Wermuth/Bloomberg — A woman works at an Apple Inc. laptop computer on a desk in a children's bedroom in this arranged photograph taken in Bern, Switzerland, on Aug. 22, 2020.

Digital Insurance spoke with Thomas Kang, the North American head of cyber technology and media for Allianz Global Corporate & Speciality about cyber insurance trends and challenges ahead for the industry.

The following responses have been lightly edited for clarity.

What are some current cyber insurance trends to note?

The conversation is all about ransomware. That’s what is driving the marketplace and while it has been around for a long time, the frequency has increased in the last two to three years. Because of that, we are in a hard market for cyber insurance, where there is a limited capacity and higher premiums.

The market accelerated for cyber insurance in 2010, when there were several data breaches in the retail and healthcare sectors. Carriers pivoted into the space then and there was a lot of capacity available from around 2015 onward because of the competition, premiums were competitive but there was no real focus on risk quality.

The frequency and severity were accelerating before the COVID-19 pandemic but the work from home environment has made an impact. Phishing attacks compromise the network and more than 25% of claims are related to remote access being compromised. The work-from-home environment has accelerated the exploitation of the vulnerable because of that remote access.

Does digital transformation play a role?

Digitization has been happening for the last 20 years and data breaches weren’t necessarily impacted by that except in healthcare. It really depends on the industry sector.

For manufacturing, there isn’t a lot of sensitive information, and so prior to the most recent past manufactures weren’t a targeted sector because there was minimal information risk but because of trends they’ve been hit hard and we’ve tried to bring in more security there.

What are the most interesting findings from the “Ransomware trends: Risks and Resilience” by Allianz Global Corporate & Specialty?

One of the areas of focus has been the maturation or maturing of the ecosystem of gangs. Ransomware as a service is getting much more to the point of a subscription service that is available for $40 a month. Bad actors can use this service, get access and deploy ransomware attacks and get paid. The rise of this should be focused on because it is a service and it will impact companies that don’t have basic cyber hygiene in place.

There is a need to understand and provide better cyber security.

Looking ahead, what should insurers be aware of?

We are optimistic about ransomware trends. We expect it to show up in data in the next couple of years that we have taken steps to secure and address ransomware. There will be improvements.

Another area of focus includes privacy and technology development that can impact privacy and security like artificial intelligence. There has been a lot of regulator focus on this and there is a growing marketplace. One of the key challenges for us is understanding the limitation and the new exposure it introduces to clients and how we can underwrite it.

Privacy and new regulations are introducing the idea of privacy rights.

Also, AI is going mainstream and being adopted by companies--this will impact how we look at privacy and security in the future.

Anything else you would like to share?

When you look at cyber there are a few things to consider like what is happening inside the firewall, risk management and data privacy.

It’s important when thinking about interconnectivity and supply chain risk that insurance carriers consider visibility and partnering with the public sector.

For example, we have a Google partnership to get access to data, we have visibility into the security of the cloud for clients and because we have the additional visibility we can increase capacity in this hard market.