ANAND PATEL: Hello, and welcome to (Re)thinking Insurance. I'm your host, Anand Patel, and today, we'll be exploring the challenges and opportunities within the cyber insurance markets. This podcast is inspired by our video series, Thinking Unbound, in which we explore the latest trends impacting the commercial and global specialty markets. If you'd like to watch the full video on this topic, please search for Thinking Unbound on our website wtwco.com.
Today, I'm joined by our guests, Dr Kennet Otto and Georgy Matov. Thank you for being here. As two of WTW's cyber experts, I'm interested to hear about your insights and your views on the cyber insurance market within Europe. It would appear that Europe is relatively slow in terms of the development of cyber insurance.
Yet, it is a feature of critical importance to national economies and the resilience, as well as developing the skills and the adequacies to be able to administer a very-high profile and emerging risk. Why do you think that Europe has been slow in terms of the progress of developing a cyber insurance market?
Dr KENNET OTTO: So let me first say, I wouldn't call it slow. Let me disagree a little bit with that. First of all, there are geographies in Europe where we can see a growth of 50% each year. So I wouldn't call that slow.
The other thing is, there are a lot of new players in the market, as well in France, for example, or in Germany, startups, but also bigger ones who really come into the market. And we can see more and more of that. So it's a growing market, strongly growing market. That's the one thing.
And the other is, I would say, the insurance market follows a little bit the risk situation. So it all started with a very big risks, right? And now, the mid-sized companies and small companies are more and more attacked. And of course, this is the reason why they seek or need cyber insurance.
And that's a development which is really very positive for the insurance market. And so I would say, it's a developing market, and it's a grown-up market. So they just started a little bit later. And I would not call that slow if you like.
GEORGY MATOV: Perhaps if I can add a couple of perspectives from my end, I would agree with Kennet. Yes, cyber first emerged as a risk which grabbing headlines in the US, then moved across the pond and became a prominent feature in the London market, whereby, a lot of international business originating predominantly in the US was placed.
But now, increasingly, London market players are looking for growth and opportunities on the continent through delegated authority business, facilities, and so on and so forth, reflecting the fact that continental Europe is starting to play catch-up in a major way. And as Kennet suggested, some of the major markets, like Germany and France, are offering very exciting opportunities. But it's not just that. There are other markets in Southern Europe and in Northern Europe where the awareness around cyber risk increasing.
And as a result of this, there is recognition that cyber coverage is important hygiene factor for successful economic growth.
Dr KENNET OTTO: Maybe to add two things at the moment which is really driving the business in a very strong manner-- these are two sports events. So the one is in Germany. Currently, we have European football games, and then we have the Olympic games in France. And both events are really important.
Why that? If you look at the former events, it was about 500,000 attacks only for one larger event. And the idea is that the Olympic games in France will even attract more attacks, right? So something about a million or something.
If you look at this development, I'm quite sure that the growth will continue. And everyone who is looking at the cyber market will see that there are a lot of opportunities. And that is something, coming again back to this slowness of the cyber market, I wouldn't call it slow. It's just evolving and a lot of opportunities for the insurance market.
ANAND PATEL: Yeah, that's certainly an interesting point in terms of those big headline sporting events almost galvanizing the cyber insurance market and getting it to act. And I think, earlier on, you mentioned the proliferation or the large increase in the number of startups and the offerings in that space.
Do you think there's a risk aversion from European insurers in the space of cyber? We're obviously aware that there's big systemic potential. It's difficult to quantify. It's difficult to get your hands around. Do you think European insurers are approaching cyber risk differently, perhaps, to the US market, which was the lead market? Are they particularly scared of cyber insurance?
Dr KENNET OTTO: Again, the word scared is probably, from my perspective, not the right one. I would say, there is a certain prudence in how to manage cyber insurance. If you look at the official numbers from the German market, to give an example, alone, from '21 to '22, the retention went down. So primary insurance companies bought more and more reinsurance, so good sign for the reinsurance market. And I think we can observe that cyber insurance companies are very careful, and that's good.
And then, there is another thing, where I'm absolutely convinced and that is becoming more and more true in the market. That is, cyber insurance belongs in the hands of experts. And this is something which also shows, you have to be careful if you don't follow certain rules that are mandatory. And so I would say, the whole cyber market is, yeah, as I said before, it's grown-up but is developing more and more. And being careful in this very rapidly-changing risk landscape is more than positive.
Cyber insurers in Europe are not afraid of cyber but are making smaller steps. And that's good. And if the retention shows a very careful approach, and it's very, very good. And I think that's the way how profitable business can be done in cyber.
It is not like going into the market and trying to get every risk. There are risks you cannot sign. I think this is more or less common knowledge now in the market that there are really parts which have to find other solutions. And if you have this approach, I think you can be very profitable. And yeah, how the attitude is in Europe, and especially in the big markets in Europe.
GEORGY MATOV: All I'm going to add to this is, I absolutely agree with that. But it's all about maturity. And so there is a maturity angle-- capabilities and approach to risk. The other angle is regulatory. So regulators are really, really approaching the cyber market cautiously.
And the expectations around cyber risk and the carriers, the way they expected to approach cyber risk in the way the regulators ask them and expect them to is somewhat different from what we've seen in the US, and, more recently, also in the London market and in the UK market. It's just a little bit more cautious. I don't think frightened or afraid is the right word, so I agree with Kennet on that one.
ANAND PATEL: Yeah, thank you. And I think I just want to bring a couple of those points together. So I think, Kennet, you mentioned that the early adoption in the market was with the larger companies. And then, more recently, that's now started to filter down into that mid-market and the SME space.
And I presume that the coverages, the requirements of those businesses are different for those sort of SMEs versus those large companies. How do you think that the insurers in Europe should be thinking around that SME market? What's particularly different around their needs and, therefore, the coverages and the products and the wordings that people need to offer in order to support that market?
Dr KENNET OTTO: At the moment, from what I observe, is that the market for SME is stabilizing. What does that mean? So on the one hand, you see prices are not changing so much anymore. But there is a very clear attitude towards these SME companies. And that is, the requirement for certain precautions-- I don't know if this is the right word, but a risk information and risk security, IT security that, even as an SME company, you have to fulfill.
So even if the market stabilizes, for everyone, it's clear that IT security is absolutely key. If you don't have the IT security on a level that is appropriate, you will have problems into the market. And that's even more true in the standardized business of SME.
And I think that's a little bit different from the large companies because with large companies, you don't have to argue about IT security. They are doing that because they learned how important it is. Not every SME company can afford this level of IT security. But this is absolutely key to get a good cyber insurance in the market. That's how I see it.
GEORGY MATOV: Indeed, the trend around increase divide between those who can afford to invest in risk management and cyber security infrastructure and those who can't afford. That tends to be the smaller companies, indeed, the SME companies. This divide is growing ever so larger, and that's one of the biggest challenges for the market.
Having said that, the SME segment of the market is increasingly starting to recognize the importance of having cyber cover in place. And so, increasingly, vulnerability scanning companies, service providers that offer service around vulnerability scanning and everything that comes with it, are starting to appear in the continental European market.
So a recent example is Coalition, a well-known player in that space, have set up shop in Germany and have plans to expand on the continent. So clearly, there is recognition that the opportunity is there. And with the right support and services, the market is available, and it is up for grabs.
Dr KENNET OTTO: I would absolutely agree. When I did cyber underwriting some years ago, it was already clear that good underwriting for SME business needs some automization for underwriting. And if an insurer cannot provide that, he will not be profitable in underwriting.
But that does not mean that the level of requirements or IT security that you ask the client to provide, that this is somehow lower. So the underwriting optimization is so important to be profitable. And on the other hand, the underwriting has to make sure that the risks are somehow good level so the protection, the prevention, all of that is made sure by the clients.
ANAND PATEL: Kennet, Georgy, thank you. It was great to hear your perspectives. And to all our listeners, thank you for joining us today. And if you found this interesting, then make sure to join us on future episodes of (Re)thinking Insurance.
SPEAKER: Thank you for joining us for this WTW podcast featuring the latest perspectives on the intersection of people, capital, and risk. For more information, visit the insight section of wtwco.com.
This podcast is for general discussion and/or information only. Is not intended to be relied upon. And action based on or in connection with anything contained herein should not be taken without first obtaining specific advice from a suitably-qualified professional.