INTERVIEW: David FLANDRO, Global Head of Analytics, JLT Re Pascal MILLAIRE, CEO, CyberCube
David FLANDRO: JLT Re's and, actually, JLT's approach to Cyber is unique in that we work hand-in-hand across the entire organization to create optimal and comprehensive cyber modelling solutions. We are undertaking analysis at the retail and specialty level, in conjunction with the insurance and reinsurance perspective. With JLT, you get an 'across the piste' view of the insurer as well as the insured. You also get the very best cyber exposure and aggregation data in addition to our proprietary modelling capabilities which we obviously think are best-in-class. This is very powerful and, I believe, unique.
Pascal: The CyberCube platform was established in 2015 by Symantec Corporation, the world's largest cyber security company and now operates as an independent company. Our platform leverages diverse sources of data and advanced analytic methods, to help insurance companies make better decisions when underwriting cyber risk and managing cyber risk aggregation.
David: JLT Re undertook an extensive, year-long analysis of all cyber modelling and data vendors in the market. Cybercube's analytics, especially its probabilistic analyses and uniquely extensive range of loss scenarios are truly state-of-the-art. Cybercube's data sources, including Symantec's security telemetry, are particularly impressive. All of this, combined with our own modelling capabilities mean we can offer a product which generates tangible value-creating insights for clients.
Pascal: CyberCube is providing data-driven probabilistic cyber modeling capabilities to JLT Re. JLT Re's existing cyber and enterprise modelling tools, combined with CyberCube, will provide unique, meaningful insights to help clients manage and measure cyber risk and exposure.
XPRIMM: How would you characterize the current status of the cyber risk market?
David: Nascent. At present, we are in a world where many are still endeavoring to understand how to price Cyber business. There is still a lack of understanding in many areas of where the risk lies and how to quantify it. And we are still working towards the development of a fully-fledged stand-alone Cyber market.
Pascal: Cyber risk modeling for insurers has come a long way in the last few years. Previously insurers were relying on relatively cyber rudimentary scenarios, informed by high level expert-driven estimates.
Today, insurers can use CyberCube to undertake sophisticated data-driven scenario simulations, driven by datasets derived from terabytes of data to produce the kind of insurance-specific tail loss metrics they are used to seeing in the natural catastrophe space. That cyber modeling will continue to grow in sophistication in the years to come but there have been tremendous advances in a short period of time.
XPRIMM: As intelligent technologies increasingly penetrate deeper into all business processes / production, cyber risks are also evolving accordingly and become more and more complex. How is the re/insurance industry dealing with this complexity increase, especially given the fast pace of the phenomenon?
David: The most sophisticated industry players are applying extensive exposure data to their portfolios, applying advanced modelling and analytics and, crucially, over-laying this analysis with original, qualitative thinking including emerging risk scenarios.
Pascal: For insurers to understand cyber risk, they need an understanding of both the shifting technology landscape as well as the shifting threat actor landscape. This requires deep engagement with experts that deeply understand this dynamic landscape. CyberCube is fortunate to have a strategic partnership with Symantec, which operates one of the world's largest civilian cyber intelligence networks. That partnership allows us to get a deeper understanding of this ever-evolving risk.
XPRIMM: Cyber insurance is one of the fastest growing insurance lines. Yet, there are still many insurers who avoid writing cyber risk policies, most of them declaring that they don't feel they can really asses the complexity and the possible outcome of a cyber incident. What are the most challenging aspect of writing cyber risk insurance? Where do the main threats lie?
David: They may be right! Cyber risk analysis is highly complex, not least because, especially at this early stage, it is mainly exposure-driven. We simply don't have much of a track record of historical losses to go by and so underwriting is very much forward-looking. Additionally, unlike other types of underwriting where baselines and trends can be established empirically, the nature of cyber risk is constantly changing. This may be the most challenging aspect of Cyber underwriting, with the largest threats yet to be quantified or experienced. This is why it is so important to have both the most extensive possible data to work with as well and the best modelling. Original thinking, particularly as regards emerging cyber risks, is also essential.
Pascal: Overtime, underwriters have become a lot savvier about understanding the frequency and severity of data breaches. The challenge is, increasingly, the more important risk is from business interruption due to a cyber event, which is far more challenging to model particularly from an aggregation perspective.
Insurers who are not investing in building their cyber capabilities and decide to "avoid writing cyber policies" face two challenges. Firstly, they may have substantial silent cyber exposure embedded into other lines of insurance and put themselves in a position where they aren't well positioned to understand that exposure. Secondly, with the continued emergence of internet-connected technologies in all aspects of the modern economy, over time there are few lines of insurance that aren't impacted by cyber in some way. Understanding the complexities of cyber risk is essential to the future of any property & casualty insurer.
XPRIMM: If it would be for you to make a prediction on the cyber risk insurance future - which do you see as being the main trends in the following years?
David: Growth. Cyber has the potential to become a substantial and encompassing line-of-business in future. Cyber liabilities are not limited by physical insurable interests as with most lines. Liabilities are dynamic, meaning underwriting methodologies are constantly subject to change. Insurable Cyber risks are obviously growing rapidly creating significant demand. Whether an insurer decides to write stand-alone Cyber or not, it will be expedient for almost all insurers to understand it. Cyber risk now has the potential to affect most other business lines indirectly. If you look at how the world is developing, what we now call 'Cyber' has the potential to become one of the most consequential business lines in the industry.
Pascal: The insurance industry will experience major losses from a catastrophic cyber event. It is not a question of if, it is a question of when.
In the years to come, I believe we will stop thinking about cyber as a line of insurance and will think about cyber as a peril that is pervasive and impacts almost all traditional lines of insurance.