Steve Bauman
Zurich North America

Steve Bauman of Zurich suggests it will be interesting to see how regulators react and begin to craft legislation, controls and requirements around cyber

What are some of the top cyber threats a company faces on a daily basis?

There are a lot of different cyber threats around the protection of data, the privacy of that data and the security of that data. Cyber is such a broad term and people get confused because of how many areas there are. Cyber is just a generic term but security and privacy of data is the main focus of the product.

Are cyber risks coming from within or outside of the company? What are seen as the bigger threat?

Threat vectors stem from all directions. While current employees cause the largest portion of breaches, according to PwC’s Global State of Information Security Survey, opinions on whether internal or external actors pose a larger risk varies depending on the responder. External threats, which tend to be malicious and intentional in nature, leverage an army of resources to penetrate company perimeters, navigate the network, and mine for crown jewels.

Conversely, internal threats already reside and know the environment but are harder to detect without strong behavioural analytic tools, because human error may play a role.

How will these cyber threats evolve over the next five years?

I don’t think anybody knows. I think what’s unbelievable is that cyber is a risk no one in the captive field had on their radar until recently. If you think of where we as an industry are now, and the fact that in the news you hear of cyber breaches nearly every day, I can’t imagine where it’s going to be in five years.

I know if we don’t do anything about it no one is going to be in a good position. I think by recognising that cyber is an emerging exposure and risk, we can keep it under control and begin to do something. Buying insurance is a good way to start the process but I think captive utilisation is the next step and it also makes a lot of sense for many companies.

According to research in 2015, only 1 percent of captive owners were funding cyber risk through their captives. How has this number changed?

Only 1 percent of captive owners in 2015 is a very small number. I guess it’s because it wasn’t on anyone’s radar then or several years ago. I think we’re going to see exponential growth in captive utilisation for cyber.

Zurich recently launched its new cyber solution for captives. How does the programme work and how will clients benefit from this?

The new solution marries captive utilisation and the products that insurance companies like ours have in the marketplace. It takes our underwriting expertise, the policy forms and the policy infrastructure that we have and marries that to a captive.

The solutions gives the captive the benefit of having the expertise of the policy form and the ability to tap into the services that Zurich puts out in front of captives. Anytime you mitigate losses going to the captive, that’s money saved in the captive and that’s underwriting profit that’s retained. Captive utilisation accrues to the benefit of the parent owner of the captive.

As you said, cyber was off the radar for companies five years ago. What other emerging risks should companies be looking out for?

There continues to be the emerging risks of compliance, or rather non-compliance, or even lack of compliance. If you think about insurance that is regulated in every country around the world and every state in the US, the possibility or risk of being non-compliant is increasing. Captives really need to pay attention to the environment that they’re doing business in, and they need to make sure that the programmes that they are involved in are compliant. The risk of being non-compliant is increasing and that continues to be an emerging risk for captives and their owners as well.

What will be interesting is to see is how the worldwide regulatory bodies look at the cyber threat and how they will craft legislation, controls or requirements on companies and therefore captives to see how that develops. I think it is going to be really interesting.

As more compliance and regulatory bodies look at captives and more of them look at cyber, it will be really interesting to see how that develops. There are some regulatory bodies that are already looking at this issue now. I know the Federal Insurance Office and the National Association of Insurance Companies are both looking at it in the US, as is the International Association of Insurance Supervisors.

The latest interviews from Captive Insurance Times
The latest features from Captive Insurance Times
Jeremy Colombik of MSI and NCCIA chair explains to Becky Butcher that Notice 2016-66 could be detrimental to not just North Carolina, but other domiciles that are home to smaller captives
Alan Fine of Brown Smith Wallace explains how the industry should proceed after the Avrahami court case ruling
Join Our Newsletter

Sign up today and never
miss the latest news or an issue again

Subscribe now
Dana Hentges Sheridan, general counsel and chief compliance officer at Active Captive Management, provides insight into the differences between business risks and insurance risks
Predicting when interest rates will change is difficult, which is even more reason to maintain a disciplined approach to your investments, according to Stephen Nedwicki of Comerica Bank
Looking ahead to 2018, Phillip Giles of QBE North America predicts continued uncertainty for the healthcare reform
Michael Schroeder of Roundstone explains why transparency, control and cost savings are the secret sauce offered by a medical captive
Attendees of the Guernsey Insurance Forum heard how important it is for different parts of the industry to work together not only to co-exist, but also to collaborate
Captives must demonstrate they are both efficient and cost effective. Colin Freeman and Peter Downey explain what Barclays can do to help
Domicile profiles
The latest domicile profiles from Captive Insurance Times
Tennessee’s governor, commissioner, general assembly and business community have all worked together to create ‘explosive growth’ in the state’s captive insurance industry. Julie Mix McPeak explains more
Newly-appointed chairman of CCIA Michael Maglaras suggests that the future is bright for state’s captive industry
Asset Servicing Times

Visit our sister site
for all the latest asset servicing news and analysis
Although the Isle of Man is currently focusing on updating its regulatory framework, Solvency II, Brexit and the Asian market all hold big opportunities for the island
Debbie Walker of the North Carolina Department of Insurance tells Becky Butcher why the state is among 2017’s standout performers
Experts convene to talk to Becky Butcher about the stability that Guernsey represents in a challenging financial and political environment
In an era of increasing uncertainty, Tamatoa Jonassen suggests that the Cook Islands can be a bridge to financial security in a captive
With a dedicated captive plan in place, the Lone Star State is on the rise, says Josh Magden of the Texas Captive Insurance Association
After 36 years of captive business, Vermont boasts a culture of legislative change, and still has a few tricks up its sleeve. Dan Towle and David Provost explain