Over 150 of our partners and peers in the London market came together to hear the views on the cyber insurance market from two distinguished industry speakers – Lloyd’s Chief Executive Officer Inga Beale and Pool Re Chief Executive, Julian Enoizi. We were also delighted to welcome Ciaran Martin – Chief Executive of the newly created National Cyber Security Centre, part of GCHQ – on to the panel to provide us with insight into the new organisation.
Inga concentrated on the ongoing debate as to whether the (re)insurance industry should be handing over cyber catastrophe risks to the state. While she acknowledged that the industry would not be able to cope with “mega risks”, she was crystal clear in her view that it can handle the vast majority of smaller ones. Work being done at Lloyd’s right now suggests that cyber exposures at syndicates are currently no bigger than some of the other risks the market takes on.
She also dismissed the idea of compulsory cyber insurance for businesses, saying it was a “blunt instrument”. In her view it would be far better to make companies disclose the robustness of their cyber security – and if they decide they need cyber insurance, then so much the better.
Highlighting the ”gulf” in existing insurance coverage around property damage arising from cyber risks, Julian pointed to several cyber attacks that resulted in physical damage to infrastructure. He confirmed that Pool Re is exploring expanding its terrorism remit to include property damage as a result of cyber terrorism – and in his view this would happen in 2017.
He reassured guests that Pool Re was supporting rather than trying to supplant the private market and that he believed that public-private partnership represented the way forward when it comes to systemic cyber exposure. His proposed model would take catastrophic risk away from the private market which would then encourage (re)insurers to put shareholder capital at risk knowing that they wouldn’t have to worry about systemic catastrophic risk.
In talking about the objectives of the new National Cyber Security Centre, Ciaran Martin said that there was a real need to “demystify” cyber security saying that a lot of it is pretty basic. In his view, there hasn’t been enough done to educate people about the risks of today’s tech-driven environment and that this is essential to improving the wider cyber infrastructure.
He also felt that government, media and industry each had a role to play by stopping the characterisation of cyber attacks as clever or sophisticated – the vast majority simply aren’t.
Ciaran believes that the cyber environment needs to mature to provide more evidence and data to help develop government policy as well as help our industry. He endorsed the point that no-one wants to nationalise risk, saying that the government and GCHQ have both been “adamant” on this in the past. Rather, he sees the need to encourage calm, rational dialogue between all parties so that eventually cyber risk is perceived as “normal” rather than catastrophic.
We’ll be sharing videos of each of our panelist’s presentations over the next few days and in the meantime, we’re already planning how we can top this year’s event in 2017!
