Capacity Worries Loom In Cybermarket

Just a few years into the development of a growing specialty market, experts in the property-casualty insurance industry admit theyre worried that theres not enough capacity available to cover an emerging set of risks.

“The critical thing to consider, I think, is what happens when you have a client with major needs for limits–not $25 million, but $100 million, $200 million. What happens when we actually have a major event–and what happens to the marketplace after that major event,” said Emily Freeman, national practice leader of the e-Business practice for Marsh USA in San Francisco.

Ms. Freeman wasnt referring to a natural catastrophe like an earthquake or a flood, but the electronic equivalent of a worldwide storm.

She and others participating in American Conference Institutes Fifth Annual Online Liability Conference in late June repeatedly addressed the need for specialty insurers to track the potential for an aggregation of losses from far-reaching distributed denial-of-service attacks and viruses that could impact computer networks simultaneously across the world. Such attacks, they say, could cause billions of dollars in property and business interruption claims–claims now being covered under specialty insurance policies.

Four of six panelists representing insurers and brokers assembled to discuss cyberinsurance product offerings listed “capacity” as a top-of-mind issue when asked to share their biggest fears with the audience.

“Ultimately, we hope private insurance can handle this issue,” Ms. Freeman said. Officials at very high levels of the federal government see this as a “critical infrastructure issue,” she reported. “They want to see the private insurance market handle this, rather than having it become an issue like flood.”

Ms. Freemans suggestion of the potential need for a government insurance program came in response to a question about the appetite for reinsurers to support the emerging specialty insurance market. “I think reinsurers are evaluating participating on treaties with high limits very carefully,” she said. But “I think there is reinsurance capacity out there,” she noted, adding, however, that reinsurers have “very serious issues” about the aggregation exposures of primary insurers.

Earlier, she explained that a major event, “like a virus that sweeps through the world in less than 24 hours” wasnt the only aggregation issue on the minds of insurers. “Theres also an issue of a single point of failure,” she said, referring to the possibility that a service outage for one “critical infrastructure provider,” such as an Internet Service Provider or a telecommunications company, could affect multiple customers–and multiple insureds–at the same time.

Ms. Freeman suggested that there were two ways for insurers to evaluate such a risk in their own portfolios. One way is to nail down how many of a carriers insureds are working with one particular provider. The other–”more proactive way”–is to look at the providers themselves and do some sort of due diligence on them as part of the underwriting process, she said, suggesting that “the quality of redundancies” of external providers be assessed along with a potential insureds internal network security.

“The contingent business interruption exposure, or liability that comes to you from [critical service providers] failure, could be very substantial,” she said.

A member of the conference audience had another aggregation issue for the panelists to ponder. “How do you assess the risk of your assessment partners and the quality of work they do?” he asked, referring to information security specialists that work with the insurers to assess the risks theyre taking on (in many cases, at no cost to the insured.)

Elaborating on why he saw this as an aggregation issue, the questioner insisted, “You cant just take what theyre doing at blind faith. I dont know how good a job Ernst & Young is doing,” he said, referring to one of the Big Five firms that insurance representatives cited as having an information security practice which provide assessments to them. “I also dont know how good CyberCop is?” he said, referring to an online vulnerability assessment service.

“Theres your single point of failure. What if theres a major flaw in that and everyone in the room thats an underwriter is using it–and we put millions of dollars at risk?”

“The risk assessment is only as good as the person doing it,” said Brian Brown, regional manager of e-Business Solutions for Zurich North America, noting that his company typically accepts written assessments provided by the information security practices of the Big Five firms.

In addition, he said there are smaller, boutique firms across the country. Many are centered around Washington because a lot of information security experts come from the military and the “real” alphabet houses, he said, referring to the FBI and CIA. “The quality of the work put out by many of these people is quite adequate for underwriting purposes,” he said.

Carol Zacharias, counsel and managing director for CNA Pro in New York, told the questioner: “I am very suspicious, as you are, about it. Weve been taking a very hard look at it, [but] I dont think theres any answer because there arent enough claims. You dont have these people providing a product until there have been claims. You dont have trends to look at.”

Later, she said, the real challenge for the industry is not in adapting coverage to insureds as their needs change–the main topic of the panel. “It is how in the world we are going to devise the underwriting process,” she added, referring again to the question on assessing security partners.


Reproduced from National Underwriter Property & Casualty/Risk & Benefits Management Edition, September 10, 2001. Copyright 2001 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.


Contact Webmaster

Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader

Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.