APAC cyber uptake still low despite softer pricing, ample capacity
November 5 2024 by Heather Ng

The cyber market has been the buzzword for the insurance and reinsurance market in 2024. Carriers and intermediaries have been building cyber capabilities in the region, as is evident from the frenetic hiring activity.
While softer pricing and ample capacity have led to higher demand for expanded cyber insurance offerings, particularly for SMEs, from both multinational and domestic insurers, lack of cybersecurity awareness and advanced data modelling in the region means the uptake is not as high as it could be, industry experts told InsuranceAsia News (IAN).
“Market pricing is softening, and capacity has increased substantially in the region,” Sie Liang Lau, head of cyber at Gallagher Re, told IAN.
Consequently, there is a growing demand not only from multinational insurers’ perspective but also from domestic insurers looking to expand their offerings.
However, while there is plenty of capacity, uptake remains low as the value of cyber insurance is not recognised by all potential buyers, said Natalie Miladinski, cyber underwriting manager, Asia Pacific, HDI Global.
She highlighted the necessity for better risk awareness and understanding of the product as “cyber insurance offers more than just policy wording; it also provides access to expert vendors and services to assist insureds in managing cyber incidents.”
This lack of understanding among buyers was mentioned as a significant challenge during the APAC Cyber Risk & Insurance Summit 2024 on October 24, organised by InsuranceAsia News.
During a fireside chat at the event, Gallagher Re’s Sie stressed the importance of cyber insurance in providing immediate response services in the event of a breach.
Real-time monitoring tools can help underwriters assess clients’ risk profiles, he said.
He also pointed out that education is essential, as a significant cyber protection gap persists, particularly in emerging markets where awareness of cyber risks remains low.
Asia is a very risk-averse market and companies are not willing to discuss or talk about company risks, according to a spokesperson for Singapore-based cyber insurtech Protos Labs.
Speaking at the summit, he stressed the importance of changing this mindset as having clear transparency and visibility of risks can help companies identify pain points and provide better solutions for cyber risks.
Samuel Bye, head of cyber for Asia and the Middle East at Axa XL, speaking at the same event, emphasised the critical need to promptly contact experts during a cyber incident to mitigate damage.
“We’ve learned from clients who didn’t contact the hotline and tried to manage the crisis themselves. Within two weeks, they realised they were overwhelmed and needed us to retroactively fix the problem,” Bye said.
Post-CrowdStrike landscape
Despite the softening prices, Sie stressed that risk selection remains crucial.
“Collaborating with reinsurers can leverage traditional markets to underwrite larger and more complex policies,” he said.
Sie added that “insurers and cybersecurity companies working together to reduce overall rates can create mutual benefits, leading to more stable and lower costs.”
“Baseline standardised coverage can help reduce uncertainty around product offerings, making policies more accessible to businesses of all sizes,” he explained.
The breadth of coverage available in the market is relatively consistent across the APAC region, with a shared understanding among insurers regarding the cyber risk gap their clients face, Miladinski noted.
“I believe this consistency is driven by the presence of major insurers in key countries across the region, which supports brokers in educating their clients,” she said.
There is an increasing demand for modular and affordable policies tailored to SMEs and personal cyber needs in the APAC region, according to Sie.
“Even with standardisation, flexibility and scalability are vital to support smaller SMEs and personal cyber policies with modular coverage options that address their budget constraints,” Sie said.
SMEs and personal cyber clients in the APAC region are seeking customisable solutions that fit their specific needs and budgets, Sie explained, contrasting this trend with the western markets, where insurance products tend to be less modular and often focus more on larger enterprises.
Evolving threats such as ransomware, phishing attacks, and advanced persistent threats (APTs) are on the rise in the Asia Pacific market.
The increased interconnectivity among businesses also heightens vulnerability in supply chains, making them more susceptible to cyber attacks.
Incidents involving systemic failures, like CrowdStrike, illustrate the widespread impact these threats can have.
“Organisations across various sectors are recognising that cyber risks extend beyond mere IT issues. They can affect a company’s reputation, financial stability, and operational continuity,” Sie explained.
This realisation may lead companies to seek coverage for both first- and third-party risks.
“Some insurers currently do not provide coverage for non-malicious attacks, indicating a need to consider offering optional covers,” Sie told IAN.
“The CrowdStrike incident not only underscored our reliance on technology but also highlighted how interconnected our systems are, reinforcing the importance of IT literacy for restoring business operations,” said HDI’s Miladinski.
“I believe this incident has been a wake-up call for companies to ensure they have appropriate risk management procedures in place to handle cyber incidents and outages,” she added.
Regional challenges
The cyber insurance industry is hindered by a lack of extensive data due to its relatively short history, Sie said.
“That has led to simplified models being adopted by organisations and therefore the output data becomes highly directed,” said the Protos Labs spokesperson.
The threat landscape is evolving and threat actors are leveraging new technology such as deepfakes to gain access to organisations.
“However, there are really no tools currently or data that can be used to calculate this type of threat,” he said.
It is crucial that insurance companies consider how to get access to more relevant data that can be used for analysis and risk modelling, he said.
Privacy laws in the APAC region have expanded significantly, with new regulations being introduced in several countries, aiming to align with international standards.
By the end of 2023, privacy laws in the Asia-Pacific (APAC) region had expanded by over 25% compared to 2021.
“China is implementing comprehensive policy laws for the first time, while India and Vietnam are set to introduce new regulations in 2024,” Sie said.
Countries like Australia, Japan, South Korea, New Zealand, and Singapore have established cyber privacy frameworks that aim to align with European standards, such as the General Data Protection Regulation (GDPR), Sie added.
In a keynote speech for Hong Kong FinTech Week, Raymond Cheung, chief executive officer of Insurance Authority, Hong Kong, highlighted the serious consequences of ignoring cybersecurity threats and introduced a cyber resilience assessment framework under the cybersecurity guidelines.