News by sections

News by region
Issue archives
Archive section
Emerging talent
Emerging talent profiles
Domicile guidebook
Guidebook online
Search site
Features
Interviews
Domicile profiles
Generic business image for news article Image: kras99/adobe.stock.com

14 April 2022
US
Reporter Rebecca Delaney

Aon: Cyber captives “can only continue to gain traction”

The longer-term dynamics of captive use for errors and omissions (E&O) and cyber coverage are yet to emerge as cyber remains in the incubation phase, according to a market review by Aon. The 2022 E&O and Cyber Market Review anticipates that the marketplace will remain tough in 2022, although pricing pressures will be less severe than in 2021. Another significant market challenge is the increase in ransomware attacks, marking a 323 per cent increase from Q1 2019 to Q4 2021. Some industries are more vulnerable to cyber attacks than others, including healthcare, manufacturing, higher education and the public sector. This is because of decentralised security strategies and heavy mergers and acquisitions growth strategies, which make it more difficult to constantly align security controls. In addition, Aon notes client segment differentiation across company size. Fast-growing companies that are still developing strategies and determining appropriate resources for network security, privacy and contractual risk management are likely to have more vulnerable security controls. In these difficult market conditions, a captive can be implemented in a transactional manner as risk professionals look to understand the underlying risks facing organisations. Aon’s review says: “Given the deterioration in the cyber market, captives should be considered by organisations examining their cyber and E&O risk financing approach. At their core, captives can provide short-term relief from cost pressures by reducing premium outflow while bringing longer-term programme sustainability by using profits accrued to help build a more self-sufficient risk financing dynamic.” The review outlines two tactical reasons for forming a cyber captive. Firstly, to increase the attachment point of the primary market, which helps to avoid negative market reactions while focusing on available risk transfer capacity. Secondly, to fill gaps in excess layers to fulfil the layer, and to open up additional capacity in additional excess layers. The reviews references the findings of Aon’s 2021 Captive Benchmarking Survey, which found a 650 per cent increase in cyber premium retained in captives since 2018. However, the survey found that the extent of captive utilisation to address the needs of organisations facing these conditions remains disproportionately lower than the extent of the challenges. Financial institutions and healthcare organisations are the highest users (30 per cent) of captives for cyber, owing to the risk profile of these segments and typically higher levels of risk maturity in these industries, given stricter regulation and the more severe consequences of a cyber attack. Although the E&O and Cyber Market Review says that risk financing maturity is on an upward trajectory, this is still at a relatively early stage. For example, many organisations that place cyber in captives rely on management intuition or market dynamics or benchmarking to inform their risk management approach, while only a minority use deterministic modelling or qualitative analysis. However, Aon’s analysis of its cyber captive datasets determines no distinct risk transfer purchasing trends or significant insurance markets, which indicates that the longer-term dynamics of captive use are yet to emerge. The review says: “The prominence and ubiquity of cyber risk suggests that captive use can only continue to gain traction… For a captive strategy to have optimal impact, it should be anchored in supporting the alignment of the risk and network security communities. This can help drive maturity around insurance purchasing behaviours, while emphasising risk governance and claims control.” “Cyber, although no longer emerging, can still be considered in the “incubation” phase for captives, mainly because the traditional risk management approach and the network security communities are not fully aligned. However, reframing the captive from a tactical, transactional play to something linked to the broader maturity development of risk will help accelerate this alignment,” the review concludes.

Error querying database