David FLANDRO, Global Head of Analytics, JLT Re and Pascal MILLAIRE, CEO, CyberCube

XPRIMM: First of all, please tell our readers more details about JLT Re's existing cyber and enterprise modelling tools. What makes JLT Re the partner of choice for those needing to cover their cyber risks? Let's also tell our readers more details about the CyberCube platform and its most valuable capabilities

David FLANDRO: JLT Re's and, actually, JLT's approach to Cyber is unique in that we work hand-in-hand across the entire organization to create optimal and comprehensive cyber modelling solutions. We are undertaking analysis at the retail and specialty level, in conjunction with the insurance and reinsurance perspective. With JLT, you get an 'across the piste' view of the insurer as well as the insured. You also get the very best cyber exposure and aggregation data in addition to our proprietary modelling capabilities which we obviously think are best-in-class. This is very powerful and, I believe, unique.

Pascal: The CyberCube platform was established in 2015 by Symantec Corporation, the world's largest cyber security company and now operates as an independent company. Our platform leverages diverse sources of data and advanced analytic methods, to help insurance companies make better decisions when underwriting cyber risk and managing cyber risk aggregation.

XPRIMM: Your companies have recently concluded a partnership aiming to help JLT's clients manage the evolving nature of cyber risk. How do you see this partnership working, in fact?

David: JLT Re undertook an extensive, year-long analysis of all cyber modelling and data vendors in the market. Cybercube's analytics, especially its probabilistic analyses and uniquely extensive range of loss scenarios are truly state-of-the-art. Cybercube's data sources, including Symantec's security telemetry, are particularly impressive. All of this, combined with our own modelling capabilities mean we can offer a product which generates tangible value-creating insights for clients.

Pascal: CyberCube is providing data-driven probabilistic cyber modeling capabilities to JLT Re. JLT Re's existing cyber and enterprise modelling tools, combined with CyberCube, will provide unique, meaningful insights to help clients manage and measure cyber risk and exposure.

XPRIMM: How would you characterize the current status of the cyber risk market?

David: Nascent. At present, we are in a world where many are still endeavoring to understand how to price Cyber business. There is still a lack of understanding in many areas of where the risk lies and how to quantify it. And we are still working towards the development of a fully-fledged stand-alone Cyber market.

Pascal: Cyber risk modeling for insurers has come a long way in the last few years. Previously insurers were relying on relatively cyber rudimentary scenarios, informed by high level expert-driven estimates.

Today, insurers can use CyberCube to undertake sophisticated data-driven scenario simulations, driven by datasets derived from terabytes of data to produce the kind of insurance-specific tail loss metrics they are used to seeing in the natural catastrophe space. That cyber modeling will continue to grow in sophistication in the years to come but there have been tremendous advances in a short period of time.

XPRIMM: As intelligent technologies increasingly penetrate deeper into all business processes / production, cyber risks are also evolving accordingly and become more and more complex. How is the re/insurance industry dealing with this complexity increase, especially given the fast pace of the phenomenon?

David: The most sophisticated industry players are applying extensive exposure data to their portfolios, applying advanced modelling and analytics and, crucially, over-laying this analysis with original, qualitative thinking including emerging risk scenarios. 

Pascal: For insurers to understand cyber risk, they need an understanding of both the shifting technology landscape as well as the shifting threat actor landscape. This requires deep engagement with experts that deeply understand this dynamic landscape. CyberCube is fortunate to have a strategic partnership with Symantec, which operates one of the world's largest civilian cyber intelligence networks. That partnership allows us to get a deeper understanding of this ever-evolving risk.

XPRIMM: Cyber insurance is one of the fastest growing insurance lines. Yet, there are still many insurers who avoid writing cyber risk policies, most of them declaring that they don't feel they can really asses the complexity and the possible outcome of a cyber incident. What are the most challenging aspect of writing cyber risk insurance? Where do the main threats lie?

David: They may be right! Cyber risk analysis is highly complex, not least because, especially at this early stage, it is mainly exposure-driven. We simply don't have much of a track record of historical losses to go by and so underwriting is very much forward-looking. Additionally, unlike other types of underwriting where baselines and trends can be established empirically, the nature of cyber risk is constantly changing. This may be the most challenging aspect of Cyber underwriting, with the largest threats yet to be quantified or experienced. This is why it is so important to have both the most extensive possible data to work with as well and the best modelling. Original thinking, particularly as regards emerging cyber risks, is also essential.

Pascal: Overtime, underwriters have become a lot savvier about understanding the frequency and severity of data breaches. The challenge is, increasingly, the more important risk is from business interruption due to a cyber event, which is far more challenging to model particularly from an aggregation perspective.

Insurers who are not investing in building their cyber capabilities and decide to "avoid writing cyber policies" face two challenges. Firstly, they may have substantial silent cyber exposure embedded into other lines of insurance and put themselves in a position where they aren't well positioned to understand that exposure. Secondly, with the continued emergence of internet-connected technologies in all aspects of the modern economy, over time there are few lines of insurance that aren't impacted by cyber in some way. Understanding the complexities of cyber risk is essential to the future of any property & casualty insurer.

XPRIMM: If it would be for you to make a prediction on the cyber risk insurance future - which do you see as being the main trends in the following years?

David: Growth. Cyber has the potential to become a substantial and encompassing line-of-business in future. Cyber liabilities are not limited by physical insurable interests as with most lines. Liabilities are dynamic, meaning underwriting methodologies are constantly subject to change. Insurable Cyber risks are obviously growing rapidly creating significant demand. Whether an insurer decides to write stand-alone Cyber or not, it will be expedient for almost all insurers to understand it. Cyber risk now has the potential to affect most other business lines indirectly. If you look at how the world is developing, what we now call 'Cyber' has the potential to become one of the most consequential business lines in the industry.

Pascal: The insurance industry will experience major losses from a catastrophic cyber event. It is not a question of if, it is a question of when.

In the years to come, I believe we will stop thinking about cyber as a line of insurance and will think about cyber as a peril that is pervasive and impacts almost all traditional lines of insurance.

Follow XPRIMM Publications on LinkedIn, for more data on the insurance and financial industry.

Share |

Related articles

Calin RANGU, Director, Intermediaries Supervision and Monitoring Rules of Conduct Department ASF - Financial Supervisory Authority, Romania

Most important are the proactive consumer protection actions. In this respect, ASF has set up a direction to supervise insurers' business conduct. This directorate develops supervision tools aligned to the risk-based supervision principle. Among these tools we mention thematically supervision, mystery shopping, social media monitoring, receiving and processing of bad conduit public alert information. We also put special emphasis on operational risks' management in insurance companies. These risks are in fact those that affect consumers. Employees behavior, lack of processes or inaccurate processes, internal or external frauds, lack of business continuity, IT and cybercrime problems all relate to operational risks and must be managed preventively to protect consumers.


Dr. Savvas TZANIS CEO, IMPERIAL Claims Services

Our customers are extremely happy with our services compared to their partners in Western Europe because they cannot understand them. It is definitely a matter of culture. With us, they feel that they can speak the same language and that we can understand them. So, our aim in the future will be to remain, invest and expand our activities in our region. We want to be a regional player. We try however to bring and apply in our region the best claims handling practices of the biggest loss adjusting groups in Europe they have.


Alexey RUDENKO, CEO, SBERBANK Life Insurance

We expect an increase of the investment life insurance penetration in Russia due to the new legislation on unit-linked, which will allow us to offer new products without guarantee in the context of falling rates. The source for potential growth is the inclusion of life insurance in the new pension system, where insurers could become operators of voluntary pension savings along with non-government pension funds.


Matteo CARBONE, Founder and Director, IoT Insurance Observatory

Don't fall in love for a technology: any solution sooner or later will become obsolete; any investment sooner or later will represent a legacy. The innovation is not a final destination, it is a journey. You cannot stop to innovate. Innovate or die.


Klime POPOSKI: in the Balkans, we need a regional center for actuarial education

"Most of the South Eastern Europe countries lack quality actuarial education. On the other hand, each country has different rules for organizing the educational circles for actuaries. It is mostly a matter of scale: there are not enough persons interested by an actuarial career in each country, meaning that it is not cost effective to organize every year educational programs for the actuarial field. We need to set up some regional center for actuarial education," Klime POPOSKI, President Insurance Supervision Agency, Macedonia stated for XPRIMM in a video interview recorded on the occasion of "IIF 2018 - CEE & SEE - Regional Actuarial Insurance Conference".



Stefan STAVROSITU appointed Sales Director of GROUPAMA's Romanian unit

Groupama Asiguraari, the Romanian arm of the French group and of the leading players on he ocal market, has announced the appointment of Stefan STAVROSITU as National Sales Director, replacing Julien RAMILLION who, after holding this position for four years, will receive other responsibilities.



LIVE: IIS Global Insurance Forum 2018 / Day2

The works of the Global Insurance Forum continued today in Berlin, Germany. Providing security for ageing populations in health care and pensions terms, as well as innovation and InsurTech or innovative strategies for the future development of the industry are on the today's agenda.


See all