RANCHO MIRAGE, Calif. — The exponential growth in technology innovation is driving increasing exposures for companies, leading to greater volatility and uncertainty for cyber insurance buyers, experts say.
The technology is “literally exploding,” Michael Steep, Stanford, Calif.-based founder and executive director of the disruptive technology program at Stanford University and CEO of consulting firm Transform Innovation Ventures, said during a panel session Tuesday at the Captive Insurance Companies Association 2023 International Conference.
Silicon Valley and tech startups globally will spend $300 billion on disruptive technology by 2022, creating massive amounts of data for all kinds of connected devices, he said.
Artificial technologies, such as ChatGPT, are also evolving, creating problems for businesses and consumers, he said.
This next wave of technology will “open up a whole new area of vulnerability to cyberattacks,”; Steep said, noting that bad actors can manipulate information in a way that allows it to spread in virtually any type of application without adequate protection.
The speed of AI-based attacks is now in milliseconds, while the IT response time to these attacks is “ridiculous” — about 167 to 215 days, he said.
The outlook for cyber insurance is uncertain and volatile, said Aaron Hillebrandt, Bloomington, Illinois-based principal and consulting actuary at Pinnacle Actuarial Resources.
“A year ago, we felt pretty confident that interest rate hikes would continue, and bond yields would tighten,” Hillebrandt said.
But the picture is no longer clear, he said, noting that his analysis of recent loss ratio data at one cyber insurer indicated a “dialback” of loss trend assumptions, pointing to a tightening of underwriting, while interest rates appeared to have eased.
“If you’re thinking about writing homeowner’s insurance in Florida where there’s a lot of hurricanes, you’d reasonably expect that it would be really expensive to cover. But if an insurance company all of a sudden decided that the only homes they were going to (cover) would have to touch the Georgia border, then you might be able to take a major rate cut for that hurricane. That might be some of what’s going on here,” Hillebrandt said.
By 2021, cyber buyers faced overall rate increases of as much as 400%, said Nick Pearson, Tampa, Fla.-based vice president of BMS Group Ltd.
“There was a market correction of pricing that needed to be done on some of these risks,” Pearson said.
While price increases still occur, they have “leveled off,” with some books seeing increases more in the 10% to 50% range, he said. He attributed this change to greater underwriting discipline by insurance companies.
Insurers are asking a lot more risk management questions, which has helped, Mr. Pearson.
“It’s been tough to place some insurance,” and there’s a much greater focus on risk controls, such as multifactor authentication and endpoint detection and response (EDR), he said.
The insurance industry has traditionally looked back at historical loss scenarios and loss ratios, but companies need to be more proactive in responding to cyber threats, said Stephen Cardot, CEO of CloudCover Re, based in Minneapolis.
The days of people sitting in front of monitors to resolve attacks from bad actors “are over,” Cardot said.
The use of automated intelligent platforms and deep learning technology that can predict IT security problems at sub-second reaction times will increase, he said. AI generative platforms are “a game changer” that can help mitigate and control cyber risks in real time, he said.