Macro economic, political and social uncertainty and volatility are identified as the big risks by risk managers again this year along with cyber. Does this concur with your conversations with customers? Does it surprise you?
Dr Stefan Sigulla: In times of unprecedented hacker attacks, Brexit and debt turmoil this ranking hardly surprises anyone and our clients regularly discuss this agenda with us. However, with the exception of cyber and some items regarding civil unrest these risks are not transferable: The booms and bust of the business is something resilient companies have learnt to deal with. With regard to political and social uncertainty companies have to carefully evaluate where to invest and to which markets to focus on. Risk managers can help inside the organisations with their unique focus to take those decisions with more scrutiny.
Risk managers report that they are spending more ‘face time’ with the main board and that company leaders are taking risk management more seriously. Is this something that you have experienced? What can insurers do to help raise the profile of risk management within the wider corporate world?
Having more attention inside the organisation? That is a wonderful development and it shows the development of the risk managers’ profession. It reflects somewhat my own experience within Siemens: The more professional risk management is set up the higher its value for the company and the more valued its advice. Insurers can equip risk managers with the necessary tools such as natural catastrophe modelling, cyber expertise, claims modelling and the like. The whole industry has a high interest in professional, experienced market participants.
Who do you think should be in charge of cyber risk within an organisation and how is this best organised to help identify, measure and manage this critical risk?
As cyber has developed into a very complex and highly dangerous risk landscape, a holistic approach is, in our opinion, very important. Cyber risk exists in almost every area of the modern world, and therefore the same can be said about it existing in almost every area of a modern business. Engagement from all of the stakeholders within a company is therefore critical to success. Management of the risk from an internal position is most effective when the C-suite and IT department work together to not only understand where the risk is most likely to develop, but also develop contingency plans to minimise the impact of a cyber incident should one occur.
What can insurers do to help risk managers identify, measure and manage cyber risk? What additional services can insurers offer to help mitigate this risk?
Instead of simply focusing on the financial support we offer the client one single point of contact. We will help manage problems that the client has when the company is hit by a cyber attack. Because then it is a case of pure crisis management. Some clients do not know what to do or where to turn. We will provide them with access to crisis experts. Apart from this, we should always keep in mind that risk management should not only be something up for discussion around purchasing time, but a constant dialogue between insurer and buyer. Therefore, HDI’s cyber insurance policy – Cyber+ – is more than just a promise of indemnity. It is a risk mitigation tool and provides access to service providers who are going to help lessen the impact of a cyber event should one occur. These services include, for example, breach response navigators, digital forensic experts, specialist legal counsel, public relations support and credit monitoring services. We believe this approach to be ever-more important with such a fast-developing threat landscape as we see in cyber.
What elements of cyber risk are insurable in your view?
HDI’s Cyber+ policy provides companies with access to an integrated insurance solution. It combines insurance against first and third party damage, incorporates key insurance extensions and provides crisis and risk management assistance. In some countries the scope of cover can be extended by adding D&O cover for corporate executives, who may be confronted with increased civil legal responsibility for the implications of cyber attacks. This aspect has tended to be rather neglected in the debate to date. As our insurance solution was designed in particular with industrial manufacturing businesses in mind, companies can comprehensively insure against business interruption risks of manufacturers resulting from cyberattacks. Furthermore, valuable additional benefits that round off the support available for risk and crisis management are offered as standard.
Do you think that there is adequate insurance capacity for this risk and is it fairly priced? What are the coverage gaps that need to be filled?
Capacity appears adequate on most European markets where we are offering our insurance solutions. Coverages running into the triple-digit millions are available, though only required by the major corporations. Leaving them aside, many of our midsized customers are interested in limits of between E5m and E25m. As to the prices, we only write those risks for which we believe the premium is commensurate with the risk. In other words, prices must be determined that are equally fair for policyholder and insurer alike. Speaking about the gaps that still need to be filled, the cyber market and the risk itself are changing continuously. That’s why we are regularly updating our policy and amend the coverage to upcoming risk situations.
Risk managers say that cyber risk insurance needs to be bespoke and not sold as an off the shelf product. Do you agree and what is HDI’s approach with this risk?
We perfectly agree with this approach. This is why we are offering different solutions for different client groups. Mid-sized companies with annual sales up to E50m can take advantage of our Cyber+ Smart policy. It’s scope of cover includes own and third-party damage as well as losses from business interruptions that have arisen because of cyber attacks. At the same time, this product keeps the administrative input required from policyholders to a minimum. Cyber+ Smart is the right insurance cover for many mid-sized companies with sums insured up to E5m. Higher limits of insurance for large industrial companies and groups can be obtained through the Cyber+ policy. A comprehensive risk analysis here provides the basis for assessment of the individual company risk. The modular product structure permits risk protection that is tailored entirely to the individual company.
What about the market in general – will it ever harden? Are there signs of a hardening in any lines?
We have seen a soft market for many, many years. In addition to this, the latest natural catastrophes worldwide will have affected many clients. In my opinion, this situation does not leave any room for a further price decrease. In fact, brokers already have been approaching us because of severely shrinking capacity when it comes to highly exposed risks, especially if natural catastrophe exposure is given. However, as far as HDI is concerned, we will only write those risks for which we believe the premium is commensurate with the risk. In other words, prices must be determined that are equally fair for policyholder and insurer alike.
Many customers complain that basic administration in areas such as global programmes is still very slow and cumbersome. How could and should insurers use latest technology to seriously improve administration and communication with customers?
We agree that technology and digitalisation can and should be used in order to make the exchange of information between our clients and us easier and more efficient. That is why we have been investing time, effort and money into the digitisation of our internal processes. Industrial lines insurance will become much more transparent and efficient. It will be similar to buying a book at Amazon where you can see where the book currently is and when the messenger boy will ring at your door to deliver it. In the future, our clients will always be able to check whether the premium has already been paid, if it is at the broker’s account or already at the insurer. They will also easily see the status of a claim.
The rise of digitalisation and the Internet of Things is rapidly changing the face of the personal lines insurance market. How will affect it the commercial and corporate space? How is HDI investing to ensure that it is not left behind in the new digital age?
As explained above, we are investing a lot of money into the digitalisation of our internal processes and into the improvement of our IT infrastructure. Some of these improvements are not yet visible as our digital studio’s team is still working on them. However, others are already online. Earlier this year, we launched for instance an online portal on the German market for taking out drone insurance policies. Policyholders receive immediate insurance cover when they take out a policy at this platform. Just recently, we launched a similar online portal for taking out cyber insurance policies. While this is currently limited to customers in Germany, we are going to expand this offer gradually to other countries and markets.
Furthermore, we have developed new software that analyses and visualises all types of local natural catastrophes in a very precise way at the touch of a button. We call this application ARGOS which is a digital geo-information system that is making a substantial contribution to claims prevention. These are just a few examples of our digitalisation projects that are all designed to make life and business for our clients and us easier.
This interview was first published in Commercial Risk Europe Risk Frontier Survey 2017. Publication on this website by courtesy of “Commercial Risk Europe”.