Allianz Global Corporate & Specialty SE (AGCS), Allianz Group’s specialist carrier for corporate insurance business, has teamed up with Silicon Valley-based cyber risk analytics and modeling firm Cyence to boost its global cyber risk analysis capabilities. By combining Cyence’s cyber analytics platform with AGCS’ underwriting processes, the insurer will be able to analyze cyber exposures at company level for large businesses, creating a detailed understanding of their cyber risks and quickly allowing it to tailor coverage to fit specific customer profiles.
In a second initiative, AGCS plans to integrate Cyence’s cyber risk analytics into new digital distribution platforms that enable low-touch, automated underwriting of cyber policies for medium-size companies. Both companies are also joining forces to develop a new predictive modeling tool for cyber-driven business interruption risks.
“We are moving our underwriting approach from hindsight to foresight,” explains AGCS Board Member Hartmut Mai as the rationale behind the cooperation with Cyence. “The future of underwriting and practical risk management will be based on the intelligent use of technology and data. AGCS has always been known for its industry-specific expertise, but going forward we must complement our technical know-how and experience with extensive data-driven insight and predictive modeling if we want to keep ahead of new risks such as cyber, supply chain, or emerging liability exposures. After an extensive evaluation of various partners, AGCS is excited to partner with Cyence for their market leading capabilities.”
AGCS has previously announced a similar partnership with liability modeling specialist Praedicat. While Praedicat focuses on analyzing big data to identify risk trends in liability, Cyence, based in San Mateo, California, is regarded as the leading cyber risk modeling firm. Cyence has developed a unique platform to assess both cyber exposures and a company’s cyber resilience by collecting and examining data at scale from a variety of public and proprietary sources. Cyence reaches beyond the technical analysis of the IT security of a company into analyzing the human behavioral indicators and an organization’s processes to calibrate cyber risk. The Cyence platform spans from risk selection and assessment of individual companies to risk accumulation and catastrophic cyber risk scenarios and their potential impact.
Recent cyber attacks have illustrated how vulnerable even well-prepared businesses can be to such threats: Cyence estimates that May’s Wannacry ransomware caused economic losses reaching $8 billion, inclusive of extortion payments, business interruption, lost profits, and extra expenses required to keep businesses moving and restore systems.
In parallel, cyber risk increasingly features on boardroom agendas, with some larger companies now looking to purchase cyber insurance coverage for up to €500 million in losses. The global cyber insurance market is expanding quickly and is predicted to rise from $2.5 billion in 2015 to $7.5 billion by 2020, reaching $20 billion in premiums by 2025, according to KPMG. This increasing demand creates challenges for insurers in assessing risk, both at the individual company level and in the case of a widespread attack where claims may accumulate, producing industry-wide losses at potentially unprecedented levels. With limited historic claims information, plus a fast-changing cyber threat, traditional insurance underwriting approaches are struggling to fully assess these new risks.
AGCS will use the Cyence predictive risk modeling platform to address these challenges: it will be able to quickly produce individual cyber risk profiles to improve its underwriting of each customer, as well as modeling its cyber accounts worldwide in economic terms to identify trends or growing risks or understand how they would respond to cyber incident scenarios.
Arvind Parthasarathi, CEO of Cyence, added: “We are excited to be partnering with Allianz to understand and model cyber risk and grow this important coverage line. The progression of global cyber regulation and evolution of the risks businesses face make it more important than ever for companies of all sizes, industries, and geographies to review their cyber security and resilience safeguards, and consider cyber insurance as part of a robust risk management strategy.”
While cyber risks assessment for large corporations at AGCS will remain highly individual expert assessments based on a variety of sources such as interviews, surveys, reports – and going forward—big-data analytics, medium-size companies require a different approach. AGCS, which is also Allianz’s center of competence for cyber insurance, is currently developing automated underwriting capabilities to efficiently serve the rising demand for cyber insurance from this segment. AGCS is integrating its underwriting expertise with Cyence’s modeling know-how and technologies and creating an automated underwriting process for a new digital self-service platform for preferred distribution partners in select countries. “We enhance our own cyber underwriting expertise with Cyence’s models to allow for automated risks assessment, quotation and delivery of cyber policies for medium-size companies,” explains Bernard Poncin, Global Head of Financial Lines at AGCS.
In a further project, AGCS and Cyence aim to pool their respective specialist know-how on business interruption and cyber risks in order to develop a new modeling tool for the emerging risk of cyber business interruption. In addition to data and privacy incidents, it is increasingly business interruption/contingent business interruption (BI/CBI), which is seen as a major element of cyber risk for companies. Whether they are online retailers, airports, hospitals or factories, if today’s digitalized businesses are brought to a standstill through a hacker or ransomware attack, or a simple IT glitch, disruptive impact losses can easily amount to millions of dollars and quickly multiply beyond a single company. While demand for insurance cover is increasing, cyber BI/CBI is a relatively untested area for insurers. “The new model will help us to much better measure the cyber BI/CBI exposure, which is becoming a key concern for our clients and could lead to peak-loss scenarios such as widespread disruption of critical infrastructure or networks,” explains Poncin.