Skip to main content
Survey Report

Quarterly InsurTech Briefing Q4 2018

Cyber InsurTechs – helping incumbents make sense of the threat and maximize the opportunity

Cyber Risk Management|Insurance Consulting & Technology

February 25, 2019

The Q4 InsurTech Briefing focuses on Cyber InsurTech and examines how it’s viewed as both a threat and an opportunity by InsurTechs and incumbent insurers.

In this edition of the Quarterly InsurTech Briefing we take a look at the universe of Cyber InsurTech. Our aim is to understand how InsurTechs and incumbent insurance businesses are looking at cyber as both a threat and as an opportunity. More specifically, we will be assessing the appropriateness of the current tools, models, services and solutions which attempt to price cyber as a risk, and provide suitable solutions in the aftermath of an attack.

As this quarterly will highlight, cyber risk is notoriously difficult to price. In the event of a house burning down, or a car being damaged, our industry knows how to pre-emptively price and react with efficacy to an event. Decades of data and experience, coupled with the physical manifestation of determinable ‘loss’ allows our industry to provide the market with appropriate products and solutions. It is not so straightforward with cyber.

The cyber threat vector is constantly changing; motivations to launch a cyber-attack alter, the number of nodes connected to interconnected devices continues to grow and the impact on business interruption increases as we digitize. Perhaps even more importantly, forecasting the cost of a loss becomes ever more difficult given that what could constitute a ‘cyber loss’ is invariably embroiled in overlaps with other insurance products sold – for example, is a property policy supposed to cover the loss of a destroyed mainframe that was questionably breached by a cyber-attack?

In the opinion of many, our industry has been slow to innovate around cyber. Many of the earlier ‘cyber’ policies sold were simply repackaged tech errors and omissions (E&O) policies from the early 1990s that offered little in terms of contemporary pricing techniques to reflect the accuracy of the real-time threat. But is this the result of laziness on the part of our industry, or does this represent a much bigger issue that, simply put, stems from the inherent difficulty of understanding cyber as a threat, relative to the role that insurance can play?

Without truly understanding where malicious attacks or unintentional outages/breaches are coming from, or understanding the true monetary value of a digital asset, or the impact that a working digital system has in the supply chain of a business (which if stopped working would cause business interruption), are those who are pricing cyber simply thing coin tosses?

Our industry theme for this quarterly is predominately focused towards one key observation that we hold in Willis Re – if our industry is going to maximize cyber as an evolving line of business then it needs to become more comfortable pricing this risk class. In order to do this, the industry should be open to working with InsurTech businesses that specialize in demystifying cyber. Cyber is a multi-faceted, ever-evolving therianthropic phenomenon. The appropriate response to this is to task our industry with an equally multi-faceted approach. Rather than trying to specialize and excel in each tenet required, InsurTechs offer our industry a huge opportunity through strategic commercial partnering to allow incumbent insurance firms the ability to become part of a broader, more resilient jigsaw puzzle.

In keeping with previous quarters, we focus on a select group of InsurTechs who illustrate a number ways in which we can rethink and restructure our approach towards cyber – evolving the industry proposition away from the traditional method of assessing and pricing risks into an era that looks to truly understand the meaning of dynamic pricing.

Specifically, we will be assessing those InsurTechs that are targeting innovative ways to model and risk-score cyber, and those InsurTechs that are focusing on risk mitigation tactics and post-attack services and solutions. We feel these are the areas where incumbent players can benefit the most from the innovation that InsurTechs are bringing to the cyber playing field.

Using technology to solve technological problems

Cyber is a daunting and exciting prospect for our industry, and for society in general. The proliferation of technology brings with it inherent vulnerabilities – ironically the use of technology is also a key tenet to making sure that the threat of cyber is detectable, containable and quantifiable. A variety of different technologies are being used to monitor and tackle the threat, notably; hardware authentication software, user-behavior analytics, data loss prevention software, deep-learned algorithms (and respective sub-sectors of artificial intelligence [AI] and machine learning [ML]) and cloud-based security processing. These types of technologies can scour networks at unparalleled speed and volume.

InsurTechs that are putting together innovative ways of tackling cyber know that it is technology itself that will play a major role in solving our exposure against the backdrop of frequency and severity.

A multi-faceted approach to a multi-faceted problem

Throughout the course of this briefing, one of the major themes on which we will be focusing is the fact that, even boiled down to its core tenets, cyber is inherently complicated. Given these complications, a one size fits all type approach is fundamentally flawed. To truly understand the phenomena, and hope to solve/maximize it, a multi-faceted approach must be taken. This involves using a variety of models, analytical tools, and mathematical approaches – to name just a few pieces of this highly complex puzzle.

First, we look at Guidewire Cyence Risk Analytics (Cyence), a company designing a model that empowers the insurance industry to better understand the economic impact of cyber risks.

Secondly we visit Corax, an InsurTech that has developed innovative analytics tools to help the insurance industry design, price and sell appropriate cyber products to the market.

We then shift focus slightly away from those companies who are working specifically on tools for the (re)insurers themselves, to three companies that also serve commercial businesses and individuals directly.

First, we speak with Paladin, an InsurTech creating business-centric tools to detect cyber risks, protect against those risks, buy insurance and offer post-attack services.

We then look at Zeguro, a company designing tools for businesses to engineer out their risks.

And finally, we spend time with ReFirm Labs. ReFirm Labs is probably the least traditional InsurTech of the companies featured in that its offering is not necessarily insurance (only) focused. Its inclusion, however, is vital in our bid to highlight the fact that non-traditional approaches can be adopted by our industry to create appropriate solutions. ReFirm Labs’ team of experts vet and validate the strength of firmware – the very types of soft and hardware that we, and the clients that we support, use.

Understanding the strength of the technology we’re using is just another vital part of the jigsaw puzzle.

Our own global perspective on cyber

While our primary goal in this briefing is to focus on cyber InsurTech solutions, Willis Towers Watson does boast its own world-leading Cyber practice, and we will feature much of the proprietary survey material that we have collated from the corporate and insurance industries over the last couple of years. This will provide insight into global trends and approaches toward the issue. It will further highlight the various benefits for incumbent firms, both commercial and insurance-related in working with InsurTech firms that place a significant weight on technology to help provide answers to the fast-ging topic.

Per our recommended multi-faceted strategy, Willis Towers Watson’s holistic approach to cyber risk evaluates all threats – from people, capital, technology, through three stages – assess, quantify, protect to ensure that the enterprise is best prepared to protect and grow its business.

  • Assess risks through Cyber Risk Culture Survey and Cyber Risk Profile Diagnostic
  • Determine optimal risk transfer strategies and financing limits using Cyber Quantified
  • Use the above solutions to mitigate risk and address the exposure via risk transfer – Cyber Insurance

The bringing together of disparate worlds

Willis Re’s Global Head of Cyber, Mark Synnott, is this quarter’s industry expert. Mark shares his thoughts with the market on both the opportunities generated by cyber and also the threats posed.

Transaction spotlight

In the Transaction spotlight section of the report, we feature a very rare InsurTech occurrence – an initial public offering (IPO). In Q4 2018, Germany’s first InsurTech IPO was announced when Deutsche Familienversicherung (DFV) became listed on the Frankfurt Stock Exchange. DFV’s extensive use of AI and third-party Internet of Things (IoT) devices, such as Amazon’s Alexa, has allowed them to excel in their product, service and sales proposition in health, property and casualty insurance.

The quarter in review

As always, we conclude the report with the InsurTech Data Center. The past few quarters have shown a steady increase of InsurTech funding, and Q4 2018 is no different. The $70 million investment into Hippo, for example, has continued to drive the upward momentum of capital raising in the InsurTech space.

Willis Towers Watson’s holistic approach to cyber risk

Willis Towers Watson Media
Download
Title File Type File Size
Quarterly InsurTech Briefing Q4 2018 PDF 1.8 MB