Nicholas Tey, financial lines regional manager for Asia at Beazley, explains why there is a growing focus on cyber business interruption as a driver of loss for Asian businesses and how international data protection regulation is shaping the threat environment
From global ransomware attacks to new data protection regulations, there are a number of reasons why awareness of cyber exposures have continued to climb up the boardroom agenda.
In August 2018, Taiwan Semiconductor Manufacturing Company (TSMC), which supplies the core processors for Apple’s iPhones, revealed that parts of its production facilities had to be shut after its systems were struck by a variant of the WannaCry virus, at a cost of up to $170m.
Companies around Asia are facing the growing reality that disruption to their day-to-day operations is as likely to arise from a cyber event as it is from a natural hazard or fire. This could be due to a direct malicious attack or the indirect disruption caused by an internet provider, cloud operator or national grid being taken offline, for instance. Such losses are unlikely to be covered under traditional business interruption (BI) policies where physical damage is often required to trigger a claims payout.
We see a very clear trend of cyber BI concerns driving buying decisions. Companies remain concerned about privacy and third-party liabilities surrounding loss of data, but more and more, it is business interruption that has become the key buying decision when it comes to cyber insurance.
This is a driver for mid-sized organisations and major firms alike. With this shift in demand, Beazley continues to be flexible in providing the right coverage for the client.
Through initiatives such as our Vector partnership with Munich Re, for example, which offers comprehensive insurance for large cyber risks, we are providing a combination of bespoke expertise and capacity to address all manner of losses arising from a cyber event.
High-profile intrusions and new regulation all help to raise awareness and are important catalysts to start the conversations with clients, customers and brokers.
But more generally we can attribute the shift in focus to corporate risk management and the conversations taking place at the board level in many Asian companies.
There is inevitably a lot of talk about cyber and when they review their exposures it becomes apparent that what is going to hit their P&L the most is business interruption.
Scenario analysis and portfolio stress testing play an important role. It is clear that company risk managers are today carrying out in-depth risk reviews of cyber and are better able to quantify their impact from a number of different loss scenarios. This enables them to better inform their boards of directors which are in turn able to make clearer and faster decisions.
Beazley is fortunate to be one of the few organisations that provides cyber solutions for the full spectrum of the market from entry-level SME products, where we partner with local carriers, through to more complex business interruption cover and tailor-made cyber solutions for large multinational organisations that are designed to meet the needs of the client.
The insurance markets in Asia are fragmented and therefore cyber insurance is developing at different stages depending on which country you’re in. In some of the markets growth of cyber is in line with general insurance and it is clear cyber is leading the charge when it comes to liability products. India, for instance, has a good cyber offering and the take up rate is high, whereas in other markets it is clear that companies are waiting for the market leaders to pick up the momentum.
Regardless of the phase they are in, each of the markets is moving and it is indisputable that cyber will be on top of the discussion table for the next few years. At Beazley it is an important pillar of our expansion in Asia and our take up rates have been steadily growing over the past few years.
At the same time, the introduction of new cyber security laws is helping these markets further mature, with the influence of regulation at a local level in addition to growing cross-border exposures due to regulation drafted overseas, such as the EU GDPR and California’s IoT security bill. All of these are the changing the landscape of cyber in Asia and driving demand for cover