Advertisement
Captive Insurance Times home Interviews

Adam Peckman | Aon Risk Solutions

Menu
News sections
More sections
Emerging talent
Domicile guide
Search
News by sections
Latest news
Industry
People moves
Regulation
Technology
Ratings
Reinsurance

News by region
North America
Latin America
Europe
Nordics
Africa
Asia Pacific

Issue archives
Archive section

Content
Features
Interviews
Domicile profiles
Editors picks

Service providers
Service providers
Accountants and actuaries
Asset managment
Banks and trusts
Domiciles and associations
Captive management
Claims and litigation support
Law firms
Rating agencies
Reinsurance
Specialty programmes
Technology
Emerging talent
Emerging talent profiles
Events
Upcoming events
Domicile guidebook
Guidebook online
Issue archives
Archive section
Content
Features
Interviews
Domicile profiles
Editors picks
Service providers
Service providers
Accountants and actuaries
Asset managment
Banks and trusts
Domiciles and associations
Captive management
Claims and litigation support
Law firms
Rating agencies
Reinsurance
Specialty programmes
Technology
Emerging talent
Emerging talent profiles
Events
Upcoming events
Domicile guidebook
Guidebook online
Search site
Features
Interviews
Domicile profiles
Generic business image for editors pick article feature Image: Shutterstock

06 July 2016

Share this article





Share
Adam Peckman
Aon Risk Solutions

Adam Peckman of Aon Risk Solutions reveals Aon’s first captive cyber survey results and explains how a captive can challenge the evolving threat of cyber risk

What were the main findings of the report?

Indicative of both the rapid application of new digital strategies, growing dependency on technology to support critical business processes, and the evolving threat environment, business interruption due to a breach was rated as the top cyber risk concern for the participants in our recent survey. Meanwhile, bodily injury/property damage (first and third party) was rated as their lowest concern.

Additional highlights include that only 59 percent of companies have used a formal risk assessment process to help inform their insurance buying decision, and a mere 51 percent of companies would value an independently administered cyber risk assessment.

Some 61 percent of survey respondents said they buy cyber limits in the $10-25 million range, but overall, 60 percent of large companies don’t buy cyber insurance. Of those that do, 68 percent of companies surveyed buy cyber for balance sheet protection, making this the most popular reason, closely followed by ensuring due diligence comfort for the board.

The survey found that 25 percent of respondents that buy limits are confident that they comply with international best practices and standards for information security governance.

Also, 95 percent of companies stated clear policy wording as the most important issue in the cyber risk market, and 75 percent of large companies expressed concerns about the loss adjustment process. Finally, the survey shows that 94 percent of companies would share risk with others in their industry as part of a captive facility writing cyber.

Do you expect to see an increase in the number of companies using captives to cover cyber risks?

Aon’s Captive & Insurance Management team anticipates alternative risk transfer options to become increasingly sought after, as these solutions give companies some control over underwriting, coverage scope and claims adjustment, while providing an opportunity to share best practices, experience and data in a private setting.

Consequently, the extent to which these alternative risk transfer options are pursued will depend on the market’s ability to keep pace with client needs.

In Aon’s Captive Benchmarking Survey, participation in cyber by captives rose by roughly 30 percent in 2016, and this trend of growth is expected to continue.

Should larger, sophisticated companies not perceive the market keeping pace with their requirements, it is foreseeable that there would be industry type mutual entities established to give some control over underwriting, coverage scope and claims adjustment.

What are the benefits of a company funding cyber through a captive?

Our study has shown that for many companies a divergence still exists between recognising cyber as a fast evolving risk to the corporate balance sheet and understanding the coverages required to best mitigate the exposure—71 percent of surveyed companies listed terms and conditions as their most important issue in the cyber risk market place.

This was followed by pricing, highlighted by 48 percent.

Accordingly, captives are a great alternative risk transfer solution for bridging this divergence while solutions from the insurance industry catch up to meet the challenge of this evolving cyber risk frontier.

By including cyber risk in a captive, rather than simply self-insuring the risk, the company gets the opportunity to evaluate how the risk will behave in a formal insurance structure subject to underwriting and claims adjustment disciplines.

Over time, that experience and data can be used to negotiate programme structures with insurance carriers and to inform cost allocations of cyber loss.

Insureds place cyber exposures in captives for a number of different reasons:

  • As an in-fill programme for high deductible cyber or professional indemnity programme;

  • Using the captive to retain the primary layer of risk;

  • Using the captive to access re-insurance capacity;

  • Using the captive to incubate where broad coverage is currently unavailable; and

  • For investment of captive profits into cyber risk control programmes.


    • What is the three-step approach Aon suggests for assessing cyber risk?

    Although the utilisation of a formal cyber risk assessment to determine the financial exposure from cyber was surprisingly low (59 percent), we maintain that conducting such an assessment is a useful tool for improving risk understanding and consequently, developing suitable risk transfer strategies, including captive utilisation for cyber.

    Developing and maintaining a cyber risk assessment approach requires cross-departmental collaboration and must ultimately translate cyber exposures into financial impact.

    Aon recommends the following steps:

  • Scenario Analysis: Benchmark the existing cyber risk profile and work with business stakeholders to prioritise cyber risk scenarios.

  • Financial Modelling: Leverage advanced financial simulation tools using deterministic modeling to quantify first and third party costs of select cyber scenarios. Consider performing an analysis on non-damage business interruption scenarios using forensic accounting capabilities.

  • Insurability Risk Review: Test the adequacy of limits against the assessed cyber risk as well as review the optimisation of the proposed insurance programme.

    •  Subscribe advert
    Advertisement
    Advertisement
    Get in touch

    Home

    Contact us

    Subscribe to our newsletter

    Facebook

    LinkedIn

    Twitter

    RSS feed

    Privacy policy

    News

    Latest news

    Industry

    People moves

    Regulation

    Technology

    Ratings

    Reinsurance

    More sections

    Issue archive

    Features

    Interviews

    Country profiles

    Editors picks

    Service providers

    Education

    Events

    Emerging talent

    Domicile guidebook

    Black Knight Media

    Securities Finance Times

    Asset Servicing Times

    Captive Insurance Times

    Black Knight Media Creative

    © 2010-2024 Black Knight Media Ltd. All rights reserved. No reproduction without prior authorisation.
    Registered in England No.07191464. Registered office: 23 Metro Business Centre, Kangley Bridge Road, London, SE26 5BW.