Steve Bauman
Zurich North America

Steve Bauman of Zurich suggests it will be interesting to see how regulators react and begin to craft legislation, controls and requirements around cyber

What are some of the top cyber threats a company faces on a daily basis?

There are a lot of different cyber threats around the protection of data, the privacy of that data and the security of that data. Cyber is such a broad term and people get confused because of how many areas there are. Cyber is just a generic term but security and privacy of data is the main focus of the product.

Are cyber risks coming from within or outside of the company? What are seen as the bigger threat?

Threat vectors stem from all directions. While current employees cause the largest portion of breaches, according to PwC’s Global State of Information Security Survey, opinions on whether internal or external actors pose a larger risk varies depending on the responder. External threats, which tend to be malicious and intentional in nature, leverage an army of resources to penetrate company perimeters, navigate the network, and mine for crown jewels.

Conversely, internal threats already reside and know the environment but are harder to detect without strong behavioural analytic tools, because human error may play a role.

How will these cyber threats evolve over the next five years?

I don’t think anybody knows. I think what’s unbelievable is that cyber is a risk no one in the captive field had on their radar until recently. If you think of where we as an industry are now, and the fact that in the news you hear of cyber breaches nearly every day, I can’t imagine where it’s going to be in five years.

I know if we don’t do anything about it no one is going to be in a good position. I think by recognising that cyber is an emerging exposure and risk, we can keep it under control and begin to do something. Buying insurance is a good way to start the process but I think captive utilisation is the next step and it also makes a lot of sense for many companies.

According to research in 2015, only 1 percent of captive owners were funding cyber risk through their captives. How has this number changed?

Only 1 percent of captive owners in 2015 is a very small number. I guess it’s because it wasn’t on anyone’s radar then or several years ago. I think we’re going to see exponential growth in captive utilisation for cyber.

Zurich recently launched its new cyber solution for captives. How does the programme work and how will clients benefit from this?

The new solution marries captive utilisation and the products that insurance companies like ours have in the marketplace. It takes our underwriting expertise, the policy forms and the policy infrastructure that we have and marries that to a captive.

The solutions gives the captive the benefit of having the expertise of the policy form and the ability to tap into the services that Zurich puts out in front of captives. Anytime you mitigate losses going to the captive, that’s money saved in the captive and that’s underwriting profit that’s retained. Captive utilisation accrues to the benefit of the parent owner of the captive.

As you said, cyber was off the radar for companies five years ago. What other emerging risks should companies be looking out for?

There continues to be the emerging risks of compliance, or rather non-compliance, or even lack of compliance. If you think about insurance that is regulated in every country around the world and every state in the US, the possibility or risk of being non-compliant is increasing. Captives really need to pay attention to the environment that they’re doing business in, and they need to make sure that the programmes that they are involved in are compliant. The risk of being non-compliant is increasing and that continues to be an emerging risk for captives and their owners as well.

What will be interesting is to see is how the worldwide regulatory bodies look at the cyber threat and how they will craft legislation, controls or requirements on companies and therefore captives to see how that develops. I think it is going to be really interesting.

As more compliance and regulatory bodies look at captives and more of them look at cyber, it will be really interesting to see how that develops. There are some regulatory bodies that are already looking at this issue now. I know the Federal Insurance Office and the National Association of Insurance Companies are both looking at it in the US, as is the International Association of Insurance Supervisors.

The latest interviews from Captive Insurance Times
The latest features from Captive Insurance Times
What should a captive look for when hiring a firm to manage its portfolio? Stephen Nedwicki of Comerica Bank takes a look
Martin Membery and Andrew Holland of Sidley Austin discuss the signing of the EU-US bilateral covered agreement and who will potentially benefit from it
Join Our Newsletter

Sign up today and never
miss the latest news or an issue again

Subscribe now
Michael Zuckerman of Temple University Fox School of Business makes the case for a captive insurance company independent board director
This year’s Bermuda Captive Conference highlighted the importance of the captive industry to the island, and the need to stay ahead of the curve in terms of regulation and innovation in order to maintain its global status
Brady Young, Stuart King and Andrew Berry tell Becky Butcher about the decision to expand into Europe with a new operation in Dublin
Unscrupulous micro captive managers and their motley crews might have walked their last plank following the ruling in the good ship Avrahami
More than 200 delegates gathered in Charlotte, North Carolina, to attend the state’s three-day annual captive insurance conference. Becky Butcher reports
John Dies and Steve Miller of alliantgroup analyse the Avrahami tax court case decision, and warn captives to take a look at their own programmes
Domicile profiles
The latest domicile profiles from Captive Insurance Times
Although the Isle of Man is currently focusing on updating its regulatory framework, Solvency II, Brexit and the Asian market all hold big opportunities for the island
Debbie Walker of the North Carolina Department of Insurance tells Becky Butcher why the state is among 2017’s standout performers
Asset Servicing Times

Visit our sister site
for all the latest asset servicing news and analysis
Experts convene to talk to Becky Butcher about the stability that Guernsey represents in a challenging financial and political environment
In an era of increasing uncertainty, Tamatoa Jonassen suggests that the Cook Islands can be a bridge to financial security in a captive
With a dedicated captive plan in place, the Lone Star State is on the rise, says Josh Magden of the Texas Captive Insurance Association
After 36 years of captive business, Vermont boasts a culture of legislative change, and still has a few tricks up its sleeve. Dan Towle and David Provost explain
After a successful 2016 and the licensing of its first securitisation cell company, Malta insurance industry professionals are looking ahead to 2017
Missouri’s captive programme is approaching a decade in operation. John Talley explains how the state has made it to this milestone