In Partnership with
Cyber insurance changes gears amid evolving risks
As cyber insurance rates decrease globally, insurers are grappling with pricing challenges while striving to educate clients and provide value-added services in an increasingly competitive landscape
Jeff Gonlin
Emergence Insurance
Industry experts
Lindsey Nelson
CFC
Trent Nihill
Coalition
Trevor Baldwin
Baldwin Risk Partners
Jeff Gonlin began his insurance career in 1980 in the US, underwriting the full spectrum of casualty business. After gaining extensive experience internationally, Gonlin sought a fresh and fun opportunity. He joined Emergence in 2016, drawn by the dynamic field of cyber insurance and Emergence’s innovative approach. As head of underwriting at Emergence, Gonlin’s mission is to assess and manage cyber risks, shaping and growing the organisation while navigating the dynamic risk landscape. Gonlin is leaving his ‘fingerprints’ on the products that Emergence is developing, playing a crucial role in realising the company’s vision and ensuring its ongoing success in the cyber insurance sector.
Emergence Insurance
Jeff Gonlin
As head of cyber development at CFC, Lindsey Nelson oversees global business development strategy for the company’s cyber portfolio and is responsible for broker distribution, the new business growth strategy and internal development of CFC’s global team of cyber underwriters. With nearly 15 years’ experience in underwriting cyber and technology risks, Nelson’s expertise has made her a sought-after speaker at a wide range of conferences across Europe and North America, while she continues to play an active role in underwriting strategy.
CFC
Lindsey Nelson
Trent Nihill is a seasoned risk professional with nearly two decades of experience in the Australian and London insurance markets. For the past seven years, he has focused exclusively on cyber insurance underwriting. Nihill currently serves as head of underwriting, Australia, at Coalition, where he was one of the first local hires. Prior to this role, he held positions of increasing responsibility at domestic and international carriers and agencies.
Coalition
Trent Nihill
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Tellus in penatibus condimentum malesuada ante vulputate nisi, arcu leo. Amet urna sapien purus vestibulum fermentum a. Cursus metus massa donec sed varius. Nunc enim sit morbi lacus, molestie et nunc. Nullam sed facilisi id malesuada. Ante purus velit, quam scelerisque ultrices scelerisque donec.
Velit egestas vel ornare pellentesque ridiculus. Mauris tempor augue quis mattis suspendisse feugiat commodo posuere. Faucibus massa adipiscing nullam elit, ac vel accumsan. Phasellus eget ac dignissim fermentum ac placerat elit, metus. Nulla porttitor ante egestas molestie quis quam. Pharetra magna sit mauris tellus gravida rutrum libero sit. Justo orci cras euismod proin massa lorem ut. In non tellus phasellus faucibus ullamcorper nullam odio dui et.
Baldwin Risk Partners
Trevor Baldwin
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Tellus in penatibus condimentum malesuada ante vulputate nisi, arcu leo. Amet urna sapien purus vestibulum fermentum a. Cursus metus massa donec sed varius. Nunc enim sit morbi lacus, molestie et nunc. Nullam sed facilisi id malesuada. Ante purus velit, quam scelerisque ultrices scelerisque donec.
Velit egestas vel ornare pellentesque ridiculus. Mauris tempor augue quis mattis suspendisse feugiat commodo posuere. Faucibus massa adipiscing nullam elit, ac vel accumsan. Phasellus eget ac dignissim fermentum ac placerat elit, metus. Nulla porttitor ante egestas molestie quis quam. Pharetra magna sit mauris tellus gravida rutrum libero sit. Justo orci cras euismod proin massa lorem ut. In non tellus phasellus faucibus ullamcorper nullam odio dui et.
Vault Plus Mortgage and Finance Consultancy
David Merison
“We’re very aligned with customers – we really want them to prevent having a claim. If they don’t have a claim, it’s a good result for us, and it’s a good result for them”
Trent Nihill,
Coalition
THE CYBER insurance market is experiencing a notable shift as rates decline globally after years of sharp increases – a softening trend that presents both opportunities and challenges for insurers, brokers and policyholders alike.
�Insurance Business TV spoke to experts in the area at a recent Executive Insights panel to hear their views on the subsector’s evolving profile.
Key players in the industry are focusing on education, innovation and proactive risk management to stay ahead of evolving cyber threats. At the same time, the recent global outage affecting cybersecurity firm CrowdStrike has further highlighted the complexities of systemic risk in the digital age, prompting a timely revisiting of the importance of cyber insurance in an increasingly interconnected world.
“The biggest, hardest component to price with any confidence is that systemic risk load. Some might load it with 5%, some might load it with 25%”
Jeff Gonlin, Emergence Insurance
“We’re at a position now where there are fewer policyholders today in Australia and in the world than there were in 2020, so the market isn’t really growing”
Lindsey Nelson,
CFC
The softening market has implications beyond just pricing. Lindsey Nelson, head of cyber development at CFC, noted that this trend is putting the market at a critical inflection point.
�“We’re going to end up right back to where we were in 2020 again,” she warned. “The main point is that losses haven’t changed since 2020 – they’re still frequent, and they’re still severe.”
�She also highlighted a concerning trend in market growth. “We’re at a position now where there are fewer policyholders today in Australia and in the world than there were in 2020, so the market isn’t really growing. It actually grew over the
“We see still the assumption being made that it’s only clients with vast amounts of PII [personally identifiable information], or the retail healthcare industries, that typically need cyber insurance. Every single business that has an employee or uses a computer has the exposure, so it’s no longer a specialist product. It’s something that applies to everybody,” Nelson said.
�The reality is that cybercrime has become a lot easier to conduct than it used to be.
“The economics of cybercrime have been against us for years,” said Gonlin. “The barriers to entry for cybercriminals continue to drop. They’re ever more organised and capable. It’s a growing threat that the SME has to keep pace with.
really want them to prevent having a claim. If they don’t have a claim, it’s a good result for us, and it’s a good result for them. Prevention is always better than a cure.”
Nihill emphasises the importance of tailored communication in these proactive efforts.
“Sending out mass emails about an issue in a product and asking customers to patch it may help some, but what customers need is more assistance than that – really making sure the advice is granular and targeted to the customer, with an expert available to walk them through the remediation process.”
Gonlin noted that while tech-enabled underwriting and cyber risk management aren’t new concepts, their acceptance has grown.
“What I think has changed is an appreciation for or an acceptance of the approach,” he said. “It’s being more embraced where five, six years ago I think insureds and brokers were a bit more sceptical. It was a harder sell. But now I think they’re seeing more and more the value. It’s a very positive development.”
While the trend marks a significant change from the period of rapid price increases, rates still remain higher than they were three years ago, reflecting the market’s ongoing adjustment to cyber risk realities.
�Jeff Gonlin, head of underwriting at Emergence Insurance, noted the competitive nature of the current market. “It’s been softening for over a good half a year or so, especially sharp competition [among] the large corporates. As you move down mid-market and SME, you see competition, but it’s not quite so sharp – single digits, maybe 10, 15%.”
�Gonlin added that this competition isn’t necessarily a bad thing. “Coverage has become a lot more standardised in scope, so there’s a little bit less differentiation there, I would say. But cyber is far from a commodity, and I think that healthy competition in terms of value-added services is picking up. We think that actually accrues to the benefit of the insured.”
“Doing nothing is not the answer. Doing what you did two years ago is not the answer. We’re all ensuring that small businesses have access to digital platforms, but the question is, how do we help them to run their business securely and with confidence?”
Declining rates for cyber insurance
last few years because of rate increases, and now that they’re coming down, we’ve got both a challenge to make sure that the price is right but also [that] we’re still making the product accessible to clients, and brokers are able to sell it with confidence.”
Read on
As the market evolves, insurers are increasingly focusing on proactive risk management services to differentiate themselves and provide additional value to policyholders.
�“The proactive services have really become the core of the policy these days,” said Nelson. “We launched a division of almost 50 people who form our proactive services team, and the core of their philosophy is to prevent cyberattacks for our policyholders.”
�Market understanding has evolved in line with the threat profile, she said. “About five years ago it felt like the market shifted. We started seeing the market switch from coverage being the main focus to incident response. Now we’re seeing a shift from becoming a responsive product to a proactive product.”
Nihill echoes this sentiment: “It really is that active approach. We’re very aligned with customers – we
As the cyber insurance market continues to evolve, industry leaders are focusing on innovation, education and holistic risk management solutions.
“Our mission remains the same as it was,” said Gonlin. “We’re here to make businesses safer and more cyber-resilient. The question is not just what we offer but how we package it for SMEs especially. I think a holistic package with less friction and more value – with risk transfer plus services – that’s often the best solution.”
�Nelson envisions a shift in how cyber insurance is perceived and sold from a niche to a general product.
�“We genuinely think that every single broker should be upskilled and be able to confidently speak about the product and have that knowledge. Our mission is to turn all generalist brokers into cyber specialists. We’re going to be launching some training programs around that to help upskill and hopefully convert that 90% in Australia who aren’t buying a cyber policy today.”
�Nihill remains cautiously optimistic about the market’s future and the ability of underwriters to learn from the tougher environment of late.
�“I think we are still going to trend downwards with some pricing … [but] I feel like I’m optimistic around pricing. I think the more data we collect, the more underwriting we do … I do think there’s sustainable pricing,” he said.
�As the market softens and competition intensifies, perhaps it’s inevitable that some wheat will be sorted from the chaff. But this can also be a sign of a market moving from an early growth stage to a more mature and sustainable industry – changing gears, if you will.
�By focusing on education, proactive risk management and innovative solutions, insurers and brokers can help businesses navigate the fray as they shape the industry’s approach to systemic risk and policy design in the years to come.�
Coalition is the leading provider of cyber insurance and security, combining comprehensive insurance and proactive cybersecurity tools to help businesses manage and mitigate cyber risk. The company created the Active Insurance category to provide active cyber risk assessment, protection, response and coverage to Australian businesses. Coalition’s cyber risk management platform provides automated security alerts, threat intelligence, expert guidance and cybersecurity tools to help businesses remain resilient in the face of cyberattacks.
Find out more
CFC is a specialist insurance provider, a pioneer in emerging risk and a market leader in cyber. Our global insurance platform uses cutting-edge technology and data science to deliver smarter, faster underwriting and protect customers from today’s most critical business risks. Headquartered in London with offices in New York, San Francisco, Austin, Toronto, Brussels, Sydney, Melbourne, Perth and Brisbane, CFC has over 900 employees and is trusted by more than 150,000 businesses in 90 countries.
Find out more
Emergence is an award-winning underwriting agency exclusively focused on providing smarter cyber insurance solutions. We help protect Australian businesses and families against the financial, commercial and reputational risks of cyber threats with comprehensive cyber coverage. Our policies are written in plain language, making them clear and accessible for all clients. Our user-friendly portal allows brokers to quote and bind policies in minutes, ensuring efficient protection against cyber threats. Navigating the complexities of cybersecurity can be daunting. Our smarter cyber services provide robust, real-time protection and expert support to effectively mitigate cyber risks. Our 24/7 in-house incident response team ensures rapid, expert handling of cyberattacks, minimising losses and restoring business operations swiftly.
Find out more
In Partnership with
Cyber insurance changes gears amid evolving risks
As cyber insurance rates decrease globally, insurers are grappling with pricing challenges while striving to educate clients and provide value-added services in an increasingly competitive landscape
Read on
Lindsey Nelson
CFC
Trent Nihill
Coalition
Jeff Gonlin
Emergence Insurance
Industry experts
Jeff Gonlin began his insurance career in 1980 in the US, underwriting the full spectrum of casualty business. After gaining extensive experience internationally, Gonlin sought a fresh and fun opportunity. He joined Emergence in 2016, drawn by the dynamic field of cyber insurance and Emergence’s innovative approach. As head of underwriting at Emergence, Gonlin’s mission is to assess and manage cyber risks, shaping and growing the organisation while navigating the dynamic risk landscape. Gonlin is leaving his ‘fingerprints’ on the products that Emergence is developing, playing a crucial role in realising the company’s vision and ensuring its ongoing success in the cyber insurance sector.
Emergence Insurance
Jeff Gonlin
Trent Nihill is a seasoned risk professional with nearly two decades of experience in the Australian and London insurance markets. For the past seven years, he has focused exclusively on cyber insurance underwriting. Nihill currently serves as head of underwriting, Australia, at Coalition, where he was one of the first local hires. Prior to this role, he held positions of increasing responsibility at domestic and international carriers and agencies.
Coalition
Trent Nihill
As head of cyber development at CFC, Lindsey Nelson oversees global business development strategy for the company’s cyber portfolio and is responsible for broker distribution, the new business growth strategy and internal development of CFC’s global team of cyber underwriters. With nearly 15 years’ experience in underwriting cyber and technology risks, Nelson’s expertise has made her a sought-after speaker at a wide range of conferences across Europe and North America, while she continues to play an active role in underwriting strategy.
CFC
Lindsey Nelson
In Partnership with
Cyber insurance changes gears amid evolving risks
As cyber insurance rates decrease globally, insurers are grappling with pricing challenges while striving to educate clients and provide value-added services in an increasingly competitive landscape
Read on
Lindsey Nelson
CFC
Trent Nihill
Coalition
Jeff Gonlin
Emergence Insurance
Industry experts
As head of cyber development at CFC, Lindsey Nelson oversees global business development strategy for the company’s cyber portfolio and is responsible for broker distribution, the new business growth strategy and internal development of CFC’s global team of cyber underwriters. With nearly 15 years’ experience in underwriting cyber and technology risks, Nelson’s expertise has made her a sought-after speaker at a wide range of conferences across Europe and North America, while she continues to play an active role in underwriting strategy.
CFC
Lindsey Nelson
Trent Nihill is a seasoned risk professional with nearly two decades of experience in the Australian and London insurance markets. For the past seven years, he has focused exclusively on cyber insurance underwriting. Nihill currently serves as head of underwriting, Australia, at Coalition, where he was one of the first local hires. Prior to this role, he held positions of increasing responsibility at domestic and international carriers and agencies.
Coalition
Trent Nihill
Jeff Gonlin began his insurance career in 1980 in the US, underwriting the full spectrum of casualty business. After gaining extensive experience internationally, Gonlin sought a fresh and fun opportunity. He joined Emergence in 2016, drawn by the dynamic field of cyber insurance and Emergence’s innovative approach. As head of underwriting at Emergence, Gonlin’s mission is to assess and manage cyber risks, shaping and growing the organisation while navigating the dynamic risk landscape. Gonlin is leaving his ‘fingerprints’ on the products that Emergence is developing, playing a crucial role in realising the company’s vision and ensuring its ongoing success in the cyber insurance sector.
Emergence Insurance
Jeff Gonlin
Share
Share
Share
Declining market rates and increasing competition
Published 07 Oct 2024
-6%
-5%
-4%
-3%
-2%
-1%
0%
Q3 2023
Q4 2023
Q1 2024
Q2 2024
Source: Marsh Global Insurance Market Index
Threat actors
A dynamic cyber threat landscape
State-based�Cybercriminals�Hackivists�Insiders
Typical attack types
Ransomware�Supply chain vulnerabilities�Human error�Work email compromise�Phishing and malware�Denial of service (DoS) attacks
Vulnerable assets
Confidential and personal data�Operating systems�Trade secrets�Intellectual property�Bank accounts�Reputation
The past year has proven tougher for the sector compared with the giddy growth of the past.
“Globally, we are seeing rates continue to reduce,” said Trent Nihill, head of underwriting, Australia, at Coalition. “Marsh’s most recent market index stated that cyber rates were actually down 6% in the second quarter of 2024. From my own experience, I’d say it’s probably pretty true for Australia.”
Nihill provided a counterpoint, suggesting that improved data and experience are contributing to more accurate pricing. “We have more claims data and more risk data than we ever have. As we develop as a market, we are hopefully taking some of the unknown out of it. So really, we should be getting more accurate pricing as we go.”
�But such losses should lead to better practice. “As we see more of these claims, as we do more underwriting, we should be getting better each year,” he said.
Challenges in pricing and risk assessment
The decreasing rates raise questions about how insurers can maintain profitability in the face of severe losses.
�“Too much capital chasing too little business,” said Gonlin. “Everybody’s got their own rationale. Some might believe that the market overreacted to previous losses and that there’s still some fat in the rates. Others might just be trying to buy their way into the market, believing they can recoup later.”
�He also pointed out the unique challenges of pricing cyber insurance. “The biggest, hardest component to price with any confidence is that systemic risk load,” he said. “Some might load it with 5%, some might load it with 25%, so there can be valid reasons why opinions might differ.”
One of the key challenges in the cyber insurance market is convincing small and medium-sized enterprises to purchase coverage. But there's been some progress in this area.
“Around 70% of accounts we’ve written are actually new purchases. So we’re not just renewing others; it’s clients buying for the first time,” said Nihill.
�He attributed this growth to improved communication with customers. “I think what really helps is as an industry talking to customers more about their risk and their exposure and how to mitigate that and not just kind of selling another product which customers don’t understand.”
�Nelson emphasised the importance of education in reaching this market segment. “It simply boils down to education. We want to make sure that cyber is explained simply and brought back to basics. For a lot of these small business clients, we can’t talk to them the same way that we can talk to a corporate large risk-managed client.”
�There are several strategies for improving SME engagement, including the need to perfect the elevator pitch and explain cyber risk in simple terms.
“We need to lead with the conversation with clients about what their actual cyber exposure is before we get into the solution that is cyber insurance,” Nelson said. She also recommended prioritising cyber risk discussions rather than leaving them to the end of renewal meetings.
�Addressing common objections is another key strategy. “There’s a lot of objections from small businesses that they’ve got their security under control, so they don’t need cyber insurance,” Nelson said. “The important part there is that cyber insurance offers proactive services to actually help prevent these attacks from happening in the first place.”
�A broader range of customers could also reap benefits.
Educating and attracting SMEs
Proactive risk management and value-added services
Has the mission for cyber changed?
The recent global outage involving cybersecurity firm CrowdStrike provided a real-world test of systemic risk in the cyber insurance market. While not as catastrophic as initially feared, the incident offered valuable insights.
�“It’s not the big systemic event that’s going to turn and change the market and swing us back into a hard-market position,” Nelson said. “But it has refocused attention back to the fact that it’s not just malicious attacks or war potentially that’s going to cause these issues. This is just simply systems going down or not operating correctly that’s created this downstream impact on businesses.”
�Nelson highlighted several key lessons from the incident. “We have seen the impact from a large corporate perspective as those were the companies directly using CrowdStrike, and given Australia was first to wake up in the world, the impact is felt more in Australia than anywhere else globally. But that exposure for us nonetheless is incredibly manageable.”
�The incident underscores the universal nature of cyber risk.
“The irony is that a security company couldn’t prevent this from happening and was literally the cause of it, [which makes for] quite an interesting case example,” Nelson observed. “CrowdStrike, for what it’s worth, are one of the best if not the best security provider in the world, and this happened, so it really is true that everybody has that exposure and certainly nobody’s immune from an attack or a failure in their line of business.”
�Gonlin sees a silver lining in the incident, as it brings what was once theoretical firmly into the realm of a real risk. “I’m actually relieved that we’ve had such an event. We’ve got something more concrete to discuss now. If the loss comes in at 10–15% of the entire cyber premium pool, the industry will absorb it and move on. We’re here to pay losses.”
�Nihill agreed the scale of the incident was not enormous. “It’s definitely not a kind of Armageddon event that we saw. A lot of big-name companies were impacted, but it was still less than 1% of Windows computers. The insured losses will probably be somewhere between US$270 million to $960 million – that’s not a major part of the cyber portfolio globally.”
Lessons learned from the CrowdStrike incident
As artificial intelligence continues to advance, it presents both opportunities and challenges for the cyber insurance industry.
�“The insurance industry is so data-intensive, and it’s very service-intensive, so it’s easy to imagine just a wide range of applications for AI,” said Gonlin.
He highlighted the potential of AI in predictive analytics as being more valuable to the cyber sector given how quickly data becomes obsolete in the area.
�“The value of historical data is maybe less than it would be on other lines of insurance, so the ability of predictive AI to detect patterns to learn fast – that’s a game-changer.”
�But there is also a certain amount of hype surrounding AI conversations at the moment.
�“It’s a bit like the new crypto,” said Nelson. “We were always talking about cryptocurrency a few years ago, and I think [AI] is the new buzzword. But with that said, I think it’s here to stay.”
�AI can be used for nefarious purposes as well, but while traditional cyberattack methods remain effective, the immediate impact of AI on the threat landscape is limited.�
“Unfortunately, the traditional methods they’re using – ransomware and phishing – are already so effective [criminals] actually don’t need AI,” said Nihill.�
One exception is the language power that AI commands. A few years ago, wonky grammar or shoddy formatting were a telltale sign that all was not right when a strange email arrived. �
“Probably phishing emails are getting a little bit better … being able to rewrite with AI makes them a bit more challenging [to spot],” he said.
The role of AI in cyber insurance
Source: Australian Institute of Company Directors
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Terms & conditions
People
Copyright © 2024 KM Business Information Australia Pty Ltd
Contact Us
Specialty
Best in Insurance
Resources
Risk Management
TV
News
AU
Copyright © 2024 KM Business Information Australia Pty Ltd
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Terms & conditions
People
Contact Us
Specialty
Best in Insurance
Resources
Risk Management
TV
News
AU
Contact Us
Specialty
Best in Insurance
Resources
Risk Management
TV
News
AU
RSS
Sitemap
Contact us
About us
Conditions of Use
Privacy policy
Terms & conditions
People
Copyright © 2024 KM Business Information Australia Pty Ltd