Cyber rules RIMS

As far as I could tell, the most popular word aside from “Bourbon,” “jazz” and “Advil” at the RIMS Annual Convention was “cyber.”

Cyber, Tech E&O, D&O, crime, property…someone somewhere was having a conversation about the various cyber-related exposures companies face, where coverage exists and for how much. If you weren’t involved in a conversation, you could overhear one.

John Doyle, CEO of Global Commercial Insurance for AIG, said as much during a panel of senior executives. He said in”every single meeting with a client” cyber was a prominent topic.

Executives are definitely worried. About their companies’ balance sheets and their own backsides. If executives aren’t asking the questions directly, they are more prone to listening to risk managers and/or CISOs.

Pat Gallagher, CEO of Arthur J. Gallagher, said that if enterprises do not rank cyber at the “absolute top of a list of things they are working on and thinking about every single day,” they better make a new list. If not, they could wind up like one client who has the “NSA living in his office” following an event.

It seems businesses are certainly aware of the risk, but are not aware of where their cyber exposures can surface. But they are asking for help from the insurance industry, which is acting in a much greater role than simply a place to transfer risk. Many have partnered with firms to mitigate loss on the front and back side of cyber risk.

Insurers’ approach to cyber is “as much about risk management as insurance,” said Dominic Casserley, CEO of Willis Group.

Demand is increasing, purchases are accelerating, pricing the risk is a bit less of a guessing game thanks to loss history but this is a moving target due to nature of the risk, which is far from stagnant. The industry is learning too, after all.

“No one really knows where it’s going,” said Casserley of cyber.