In Partnership with
Cyber insurance comes of age
Cyber insurance is no longer a nice-to-have, and insurers are on the front foot, integrating security measures into business practices to meet a continuous threat
Philippa Davis
CFC
Industry experts
Jeff Gonlin
Emergence Insurance
Richard Smith
Blue Zebra Insurance
Trevor Baldwin
Baldwin Risk Partners
Philippa Davis has over 10 years’ experience in the insurance industry in both the UK and Australian markets. As cyber team leader at CFC, Davis heads up the Australian cyber underwriting team and brings deep expertise to CFC’s cyber practice. Day to day, she is responsible for ensuring smooth operations and fostering excellence in the team’s performance. She also manages broker training, equipping them with the necessary knowledge to expertly handle cyber insurance for their clients. Davis has held senior underwriting positions at Vero and AIG in Melbourne, with a particular focus on risks in the professional and financial services sectors.
CFC
Philippa Davis
Prior to joining Emergence eight years ago, head of underwriting Jeff Gonlin worked in the US, Europe and Australia in casualty insurance and reinsurance.
Emergence Insurance
Jeff Gonlin
Richard Smith has nearly 30 years of commercial insurance experience in both the London and Australian markets. During that time his roles have included founder and director of a specialist cyber insurance provider and chief executive of a commercial insurance broking business. He is now head of cyber at Blue Zebra, underwriting on behalf of Certain Underwriters at Lloyd’s.
Blue Zebra Insurance
Richard Smith
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Tellus in penatibus condimentum malesuada ante vulputate nisi, arcu leo. Amet urna sapien purus vestibulum fermentum a. Cursus metus massa donec sed varius. Nunc enim sit morbi lacus, molestie et nunc. Nullam sed facilisi id malesuada. Ante purus velit, quam scelerisque ultrices scelerisque donec.
Velit egestas vel ornare pellentesque ridiculus. Mauris tempor augue quis mattis suspendisse feugiat commodo posuere. Faucibus massa adipiscing nullam elit, ac vel accumsan. Phasellus eget ac dignissim fermentum ac placerat elit, metus. Nulla porttitor ante egestas molestie quis quam. Pharetra magna sit mauris tellus gravida rutrum libero sit. Justo orci cras euismod proin massa lorem ut. In non tellus phasellus faucibus ullamcorper nullam odio dui et.
Baldwin Risk Partners
Trevor Baldwin
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Tellus in penatibus condimentum malesuada ante vulputate nisi, arcu leo. Amet urna sapien purus vestibulum fermentum a. Cursus metus massa donec sed varius. Nunc enim sit morbi lacus, molestie et nunc. Nullam sed facilisi id malesuada. Ante purus velit, quam scelerisque ultrices scelerisque donec.
Velit egestas vel ornare pellentesque ridiculus. Mauris tempor augue quis mattis suspendisse feugiat commodo posuere. Faucibus massa adipiscing nullam elit, ac vel accumsan. Phasellus eget ac dignissim fermentum ac placerat elit, metus. Nulla porttitor ante egestas molestie quis quam. Pharetra magna sit mauris tellus gravida rutrum libero sit. Justo orci cras euismod proin massa lorem ut. In non tellus phasellus faucibus ullamcorper nullam odio dui et.
Vault Plus Mortgage and Finance Consultancy
David Merison
“[SMEs] need to work out how they’re going to manage their cyber risk [and] decide whether they’re going to transfer some of that risk to the insurance market, or if they’re going to self-insure that risk”
Richard Smith,
Blue Zebra Insurance
CYBER INSURANCE'S star is rising globally, and growth in the subsector is expected to continue accelerating over the next few years.
Within this ascendant arc, Australia is seen as something of a laggard due to relatively low uptake, especially by small to medium enterprises. Related insurance has evolved quickly from reactive, simple policies designed to merely cover losses after an incident, to the more proactive and interventionist practices of insurers that integrate risk management into companies’ IT systems to assess weaknesses and counter external threats before a strike.
It’s also becoming clear that effective cyber insurance needs to involve an element of continuous updating to keep up with the rapid shifts in the threat landscape.
Experts in the area fleshed out some of these issues at a recent Executive Insights panel on Insurance Business TV and gave their views on the subsector’s profile and changing attitudes towards cyber insurance among brokers and insureds.
“When the risk is reduced, then the insurance becomes affordable. People should go beef up their cybersecurity and then think about the insurance”
Jeff Gonlin, Emergence Insurance
“[Cyber insurance] shouldn’t be seen as an either/or. We all buy home insurance, but we still lock our doors because we know that locks can be broken”
Philippa Davis,
CFC
“What we can do has changed tremendously over the last five or 10 years,” says Jeff Gonlin, head of underwriting at Emergence Insurance.
“You look at the type of data we have at our disposal now – the kinds of analysis you can do in real time; predictive analytics; the automation that is coming in – it’s really becoming a new era.”
The sector’s turnaround in fortunes is attracting new capacity, but even this can be viewed in a positive light.
“We’re seeing new entrants come into the Australian market, which I think is going to add to growth and actually going to help the current incumbents. We’ve got some exciting times ahead,” Smith says.
“What we can do is monitor our customers’ online presence, identify gaps in their security, or areas where they’re vulnerable. This makes them more secure than they would have been without having that policy.”
This preventative-type service identifies potential threats using insights from proactive scanning, dark web monitoring and a variety of public and private threat intelligence feeds. If a cybersecurity issue is found, the insurer can work with the insured to eliminate the threat.
“What this means is that we’re not just focusing on the line of defence but we’re also targeting the attacker themselves. And I think the combination of the two is really critical in stopping attacks
A recent broker poll conducted by CFC in Australia showed that in many cases the reason for not taking out cyber insurance was because the client – often the IT person – didn’t believe it was required.
[This shows] the importance of making sure other key stakeholders are engaged in the process, rather than trying to make cyber insurance just an IT problem,” Davis says.
“Cyber risk is no longer just a concern for just the IT team – boards and risk managers really have to start understanding cyber from a risk perspective.”
While the situation around awareness is improving, there is still much to be done.
“In Australia cyber insurance premiums account for 0.4% of total insurance premiums across all classes
Two reports released in August herald a rosy future for cyber.
The first, from research and consulting firm MarketsandMarkets, predicts that the cybersecurity insurance market is expected to expand from US$10.3 billion in 2023 to US$17.6 billion by 2028, mainly driven by the escalating frequency and breadth of cyber threats.
Organisations around the world are increasingly recognising the need for comprehensive coverage that addresses the complexities of cyber risks, the report said, with sectors such as healthcare and life sciences experiencing greater threats on the back of the COVID-19 pandemic.
The second report, from S&P Global, is even more bullish, with a projection that premium growth of up to 25% per annum will result in a total cyber insurance premium pool of US$25 billion globally only two years from now in 2025.
before they happen,” says Davis.
Gonlin likens cyberthreats to the risk of getting burgled. While in some neighbourhoods of Australia people still feel safe leaving their doors open at night, the risk of an online attack is the same everywhere.
“Online, we’re all a click or two away [from trouble]. What that means is that we are all in bad neighbourhoods,” he says.
Global cyber insurance premium estimates
2023
The upturn is evident locally too.
“The cyber insurance market in Australia is in a pretty good place,” says Richard Smith, head of cyber at Blue Zebra Insurance. “Pricing has become more consistent; loss ratios have stabilised. Brokers have definitely upskilled in the area of cyber insurance, and they’re getting better at advising their clients.”
More malicious actors, state-sponsored cybercrime and the rapid shift of business to online solutions across all types of industry have helped firms understand that their levels of exposure are higher, and that they need to seek a backstop beyond their own IT security systems.
“Business assets are moving from the tangible to intangible with that ever-increasing reliance on technology, which makes them incredibly accessible. With the changing threat environment over the last couple of years, it’s ultimately shown the cyber market to be incredibly resilient and adaptive,” says Philippa Davis, international cyber team leader at CFC.
Cyber insurance has met these challenges by evolving.
It has become common across different types of insurance for insurers to actively seek to mitigate risks to prevent a loss event from happening in the first place, and cyber is no different. But the pace of evolution of the threat means that doing only a periodic check-up may not be enough to remain current.
“Cybersecurity and insurance is not a transactional sort of thing … it’s not a set and forget,” says Gonlin.
Due to the 24/7 nature of the monitoring required to ensure that threats are effectively countered, cyber insurance has moved into an era of ‘proactive protection’.
“The core value proposition of proactive protection is that it helps prevent customers from suffering cyberattacks and having to claim on their insurance policies,” says Davis.
Read on
The Asia-Pacific has been tapped by some as the area of the world with the highest potential for growth in adopting cyber insurance.
Countries such as Australia are investing more in security measures to combat increasing cyberthreats, but the reason the region faces a higher risk of cyberattacks compared to others is partly due to insecure interfaces and the relative ease with which data breaches can be carried out.
SME businesses are an example of a group just coming to terms with the risk they face.
“[Many SMEs] haven’t considered how they’re going to manage their risk. They need to assess their cyber exposures, they need to work out how they’re going to manage their cyber risk, and then they need to decide whether they’re going to transfer some of that risk to the insurance market, or if they’re going to self-insure that risk,” says Smith.
But with 98% of businesses in Australia falling into the SME bracket, it isn’t surprising that there is a broad spectrum of responses, with many firms still asleep at the wheel.
As time passes, the stakes only grow. Indeed, the market may be at a kind of inflection point as the response that firms take now has an outsize effect on their future prospects.
“There’s a growing divide between companies that get it and companies that don’t,” says Gonlin.
This digital gap has been highlighted in several industry reports, such as the Association for Cooperative Operations Research and Development’s Insurance Digital Maturity Study.
Gonlin says there is a need for brokers to push home to customers how quickly cyber exposures are changing. “You have to make it concrete – even though you’re more likely to get hacked than you are to suffer a fire, [cyber insurance lags property coverage].”
But the environment requires both robust security and insurance, not one or the other. “When the risk is reduced, then the insurance becomes affordable. People should go beef up their cybersecurity and then think about the insurance. The industry provides fantastic value – it’s a no-brainer,” he says.
Thinking that top-of-the-line security measures preclude the risk is a mistake. “It shouldn't be seen as an either/or. We all buy home insurance, but we still lock our doors, because we know that locks can be broken,” says Davis.
The same logic should apply to cyber insurance.
“Just because you have great security doesn’t mean that there’s no need for insurance as well,” she says.
“We’re not just financially indemnifying customers and providing instant response services, but also working around the clock to monitor our insureds and ultimately protecting them.”
Blue Zebra (BZI) is an insurtech underwriting agency catering exclusively to brokers and their clients. BZI also offers its technology platform as a service (PaaS) to selected insurance partners. The company wrote its first policy in April 2018 and offers a full suite of personal lines products, SME, commercial motor, personal accident and cyber insurance. With over 100,000 customers, Blue Zebra leverages big-data sources to assist the quote process and enhance its understanding of the underlying risk. Its small and highly empowered team deploy technology tools to streamline and automate back-end processes while delivering great service and efficiency.
Find out more
CFC is a specialist insurance provider, pioneer in emerging risk and market leader in cyber. Our global insurance platform uses cutting-edge technology and data science to deliver smarter, faster underwriting and protect customers from today’s most critical business risks. Headquartered in London with offices in Brisbane, New York, San Francisco, Austin and Brussels, CFC has over 800 employees and is trusted by more than 130,000 businesses in 90 countries.
Find out more
Emergence specialises exclusively in cyber insurance. We believe cyber insurance can be done better, easier and smarter. Our policies are plain language, easy to read and can be simply explained by brokers to their clients. Our portal is easy for brokers to use and offers powerful capabilities with minimal complexity. We have made cyber insurance accessible to thousands of businesses, big and small, across the Australian market. Further, our in-house incident response team provides immediate support and prompt handling of cyber incidents, limiting the damage that can be inflicted by cyberattacks and keeping businesses in business.
Find out more
In Partnership with
Cyber insurance comes of age
Cyber insurance is no longer a nice-to-have, and insurers are on the front foot, integrating security measures into business practices to meet a continuous threat
Read on
Jeff Gonlin
Emergence Insurance
Philippa Davis
CFC
Richard Smith
Blue Zebra Insurance
Industry experts
Richard Smith has nearly 30 years of commercial insurance experience in both the London and Australian markets. During that time his roles have included founder and director of a specialist cyber insurance provider and chief executive of a commercial insurance broking business. He is now head of cyber at Blue Zebra, underwriting on behalf of Certain Underwriters at Lloyd’s.
Blue Zebra Insurance
Richard Smith
Philippa Davis has over 10 years’ experience in the insurance industry in both the UK and Australian markets. As cyber team leader at CFC, Davis heads up the Australian cyber underwriting team and brings deep expertise to CFC’s cyber practice. Day to day, she is responsible for ensuring smooth operations and fostering excellence in the team’s performance. She also manages broker training, equipping them with the necessary knowledge to expertly handle cyber insurance for their clients. Davis has held senior underwriting positions at Vero and AIG in Melbourne, with a particular focus on risks in the professional and financial services sectors.
CFC
Philippa Davis
Prior to joining Emergence eight years ago, head of underwriting Jeff Gonlin worked in the US, Europe and Australia in casualty insurance and reinsurance.
Emergence Insurance
Jeff Gonlin
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Tellus in penatibus condimentum malesuada ante vulputate nisi, arcu leo. Amet urna sapien purus vestibulum fermentum a. Cursus metus massa donec sed varius. Nunc enim sit morbi lacus, molestie et nunc. Nullam sed facilisi id malesuada. Ante purus velit, quam scelerisque ultrices scelerisque donec.
Velit egestas vel ornare pellentesque ridiculus. Mauris tempor augue quis mattis suspendisse feugiat commodo posuere. Faucibus massa adipiscing nullam elit, ac vel accumsan. Phasellus eget ac dignissim fermentum ac placerat elit, metus. Nulla porttitor ante egestas molestie quis quam. Pharetra magna sit mauris tellus gravida rutrum libero sit. Justo orci cras euismod proin massa lorem ut. In non tellus phasellus faucibus ullamcorper nullam odio dui et.
Baldwin Risk Partner
Trevor Baldwin
In Partnership with
Cyber insurance comes of age
Cyber insurance is no longer a nice-to-have, and insurers are on the front foot, integrating security measures into business practices to meet a continuous threat
Read on
Jeff Gonlin
Emergence Insurance
Philippa Davis
CFC
Richard Smith
Blue Zebra Insurance
Industry experts
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Tellus in penatibus condimentum malesuada ante vulputate nisi, arcu leo. Amet urna sapien purus vestibulum fermentum a. Cursus metus massa donec sed varius. Nunc enim sit morbi lacus, molestie et nunc. Nullam sed facilisi id malesuada. Ante purus velit, quam scelerisque ultrices scelerisque donec.
Velit egestas vel ornare pellentesque ridiculus. Mauris tempor augue quis mattis suspendisse feugiat commodo posuere. Faucibus massa adipiscing nullam elit, ac vel accumsan. Phasellus eget ac dignissim fermentum ac placerat elit, metus. Nulla porttitor ante egestas molestie quis quam. Pharetra magna sit mauris tellus gravida rutrum libero sit. Justo orci cras euismod proin massa lorem ut. In non tellus phasellus faucibus ullamcorper nullam odio dui et.
Baldwin Risk Partners
Trevor Baldwin
Prior to joining Emergence eight years ago, head of underwriting Jeff Gonlin worked in the US, Europe and Australia in casualty insurance and reinsurance.
Emergence Insurance
Jeff Gonlin
Philippa Davis has over 10 years’ experience in the insurance industry in both the UK and Australian markets. As cyber team leader at CFC, Davis heads up the Australian cyber underwriting team and brings deep expertise to CFC’s cyber practice. Day to day, she is responsible for ensuring smooth operations and fostering excellence in the team’s performance. She also manages broker training, equipping them with the necessary knowledge to expertly handle cyber insurance for their clients. Davis has held senior underwriting positions at Vero and AIG in Melbourne, with a particular focus on risks in the professional and financial services sectors.
CFC
Philippa Davis
Richard Smith has nearly 30 years of commercial insurance experience in both the London and Australian markets. During that time his roles have included founder and director of a specialist cyber insurance provider and chief executive of a commercial insurance broking business. He is now head of cyber at Blue Zebra, underwriting on behalf of Certain Underwriters at Lloyd’s.
Blue Zebra Insurance
Richard Smith
Share
Share
Share
Next generation countermeasures
Published 09 Oct 2023
Cyber insurance a fast-growing sector
Source: MarketsandMarkets™; S&P Global
$0bn
$5bn
$10bn
$15bn
$20bn
$25bn
2025
2028
MarketsandMarkets™ estimates
S&P Global estimates
Estimated annual growth rate over period
+11.4%
+25–30%
Source: Australian Institute of Company Directors survey
Gaps in cyber governance
Proportion of directors saying their organisation has a formal cybersecurity framework or strategy
53%
Proportion of directors who have received training in cyber risk
44%
Proportion of firms that have appointed directors with cyber skills
23%
Proportion of directors who receive reporting on the cyber performance of key third-party suppliers
21%
How brokers can convince customers
A bullish outlook
of insurance. That’s a lower percentage than in both the US and the UK, but it’s an upward trend, and we’re going to experience fantastic growth in Australia over the next two to three years,” Smith says.
According to an Australian Institute of Company Directors survey, there are significant gaps in the implementation of cyber governance frameworks at organisational level: only 53% of directors say their organisation has a formal cybersecurity framework or strategy in place.
Only 44% of directors indicated receiving training in cyber risk, and just 23% had appointed directors with cyber skills. Another alarming statistic is that only 21% of directors receive reporting on the cyber performance of key third-party suppliers.
This issue was bought to light by some of the high-profile cyber breaches in 2022, including at Optus and Medibank.
“The ripple effect that these attacks actually had on smaller entities that had dependencies on these firms [was large]. This shows that you actually don’t directly need to suffer an attack yourself to suffer a loss,” says Davis.
The publicity generated by these attacks added fuel to the fire in terms of waking business owners up to the threat.
“It’s been a great tool to communicate to our brokers for them to communicate to their SME insureds [about the benefits of cyber insurance],” says Smith.
“In the space that we play in... the SME space, the vast majority of claims are in relation to ransomware and financial fraud-type scenarios. Brokers are very focused on getting adequate ransomware coverage to the full limit of liability under the policy, but also on making sure that all the financial fraud scenarios are covered.”
Australian customers behind the curve
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Terms & conditions
People
Copyright © 2023 KM Business Information Australia Pty Ltd
Contact Us
Specialty
Best in Insurance
Resources
Risk Management
TV
News
AU
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Terms & conditions
People
Copyright © 2023 KM Business Information Australia Pty Ltd
Contact Us
Specialty
Best in Insurance
Resources
Risk Management
TV
News
AU
Copyright © 2023 KM Business Information Australia Pty Ltd
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Terms & conditions
People
Contact Us
Specialty
Best in Insurance
Resources
Risk Management
TV
News
AU