Steve Bauman
Zurich North America
Steve Bauman of Zurich suggests it will be interesting to see how regulators react and begin to craft legislation, controls and requirements around cyber

What are some of the top cyber threats a company faces on a daily basis?

There are a lot of different cyber threats around the protection of data, the privacy of that data and the security of that data. Cyber is such a broad term and people get confused because of how many areas there are. Cyber is just a generic term but security and privacy of data is the main focus of the product.

Are cyber risks coming from within or outside of the company? What are seen as the bigger threat?

Threat vectors stem from all directions. While current employees cause the largest portion of breaches, according to PwC’s Global State of Information Security Survey, opinions on whether internal or external actors pose a larger risk varies depending on the responder. External threats, which tend to be malicious and intentional in nature, leverage an army of resources to penetrate company perimeters, navigate the network, and mine for crown jewels.

Conversely, internal threats already reside and know the environment but are harder to detect without strong behavioural analytic tools, because human error may play a role.

How will these cyber threats evolve over the next five years?

I don’t think anybody knows. I think what’s unbelievable is that cyber is a risk no one in the captive field had on their radar until recently. If you think of where we as an industry are now, and the fact that in the news you hear of cyber breaches nearly every day, I can’t imagine where it’s going to be in five years.

I know if we don’t do anything about it no one is going to be in a good position. I think by recognising that cyber is an emerging exposure and risk, we can keep it under control and begin to do something. Buying insurance is a good way to start the process but I think captive utilisation is the next step and it also makes a lot of sense for many companies.

According to research in 2015, only 1 percent of captive owners were funding cyber risk through their captives. How has this number changed?

Only 1 percent of captive owners in 2015 is a very small number. I guess it’s because it wasn’t on anyone’s radar then or several years ago. I think we’re going to see exponential growth in captive utilisation for cyber.

Zurich recently launched its new cyber solution for captives. How does the programme work and how will clients benefit from this?

The new solution marries captive utilisation and the products that insurance companies like ours have in the marketplace. It takes our underwriting expertise, the policy forms and the policy infrastructure that we have and marries that to a captive.

The solutions gives the captive the benefit of having the expertise of the policy form and the ability to tap into the services that Zurich puts out in front of captives. Anytime you mitigate losses going to the captive, that’s money saved in the captive and that’s underwriting profit that’s retained. Captive utilisation accrues to the benefit of the parent owner of the captive.

As you said, cyber was off the radar for companies five years ago. What other emerging risks should companies be looking out for?

There continues to be the emerging risks of compliance, or rather non-compliance, or even lack of compliance. If you think about insurance that is regulated in every country around the world and every state in the US, the possibility or risk of being non-compliant is increasing. Captives really need to pay attention to the environment that they’re doing business in, and they need to make sure that the programmes that they are involved in are compliant. The risk of being non-compliant is increasing and that continues to be an emerging risk for captives and their owners as well.

What will be interesting is to see is how the worldwide regulatory bodies look at the cyber threat and how they will craft legislation, controls or requirements on companies and therefore captives to see how that develops. I think it is going to be really interesting.

As more compliance and regulatory bodies look at captives and more of them look at cyber, it will be really interesting to see how that develops. There are some regulatory bodies that are already looking at this issue now. I know the Federal Insurance Office and the National Association of Insurance Companies are both looking at it in the US, as is the International Association of Insurance Supervisors.

The latest interviews from Captive Insurance Times
The latest features from Captive Insurance Times
Having the ability to stabilise regulatory and fiscal certainty through self-funding will continue to drive expansion of the self-insured and medical stop-loss captive markets, says Phillip Giles of QBE North America
Attendees of the European Insurance Forum in Dublin heard how insurance and reinsurance professionals are readying for turbulent times ahead
Join Our Newsletter

Sign up today and never
miss the latest news or an issue again

Subscribe now
Interest in forming new captives and protected cell companies is on the rise, according to the latest Aon Global Risk Management Survey
SACs in Bermuda, first crafted in the statute in 2000, are a useful tool for both captive and commercial insurers, says Kim Willey of ASW Law
Rule-focused decisions have kept captives from delivering full value, say Carrie Lam and Steve Prince of Collins Barrow
Attendees of this year’s European Insurance Forum can expect a full and comprehensive agenda. Eddy Van Cutsem explains
Richard Paris-Smith of Willis Towers Watson explains how the UK’s recent changes to the Ogden discount rate will affect captive insurers
Reputation insurance is an important part of any company’s risk management strategy, according to Dr Nir Kossovsky of Steel City Re
Domicile profiles
The latest domicile profiles from Captive Insurance Times
In an era of increasing uncertainty, Tamatoa Jonassen suggests that the Cook Islands can be a bridge to financial security in a captive
With a dedicated captive plan in place, the Lone Star State is on the rise, says Josh Magden of the Texas Captive Insurance Association
Asset Servicing Times

Visit our sister site
for all the latest asset servicing news and analysis
After 36 years of captive business, Vermont boasts a culture of legislative change, and still has a few tricks up its sleeve. Dan Towle and David Provost explain
After a successful 2016 and the licensing of its first securitisation cell company, Malta insurance industry professionals are looking ahead to 2017
Missouri’s captive programme is approaching a decade in operation. John Talley explains how the state has made it to this milestone
Less than 10 years ago, the Bahamas was a virtually forgotten player in the external insurance marketplace, according to Tanya McCartney and Michele Fields. But today, the jurisdiction has a reputation as a market leader
As the new head of insurance supervision in Cayman, Ruwan Jayasekera reveals how he will strive to meet international best practices and standards while encouraging innovation in the domicile
Danielle Hermansen of PKF Malta discusses how Malta can and is fully utilising its potential in the insurance industry