The number of captive insurance companies writing cyber liability insurance continues to grow at a rapid pace, as large companies use their captives to support innovation in technology and business models.
The number of captives writing cyber liability coverage over the past five years has grown by 95%, according to Marsh’s The Captive Landscape: Securing Your Future With a Captive report. Captives writing cyber liability increased by 15% in 2018, having already grown 10% in 2017, 19% in 2016, and 30% in 2015.
Some companies are already using captives to tackle emerging cyber and technology risks through advanced analytics, and to fill gaps that commercial insurance does not address, according to the report.
Cyber was said to be a growth area for captives across most sectors including; financial institutions, health care, retail/wholesale, manufacturing, and communications, media & technology.
New technology risk is expected to be a growth area for captives, according to a recent Excellence in Risk Management survey published by Marsh and RIMS. Captives have proven to be effective in financing self-retained losses, providing their owners with flexible options to finance emerging and high-severity risks, such as cyber liability and terrorism.
More than half of survey respondents said they plan to write additional exposures using their captive in the coming years.
For example, health care companies could use captives to provide solutions for emerging cyber risks, such as the internet of medical things, while manufacturing firms could use captives to cover risks arising from autonomous vehicles, smart factories, and 3D printing.
Captives in the energy, food and financial services sectors could use their captives to facilitate cover for risks associated with emerging technologies such as; blockchain, artificial intelligence and the internet of things.
Emerging technology can create new risks to insure, according to the report. For example, distributed ledger technology, such as blockchain, enables multiple parties to record ownership of assets, without any single party being able to change or tamper with the records.
Registering data on a blockchain essentially creates a digital asset in a process known as “tokenisation”.
As blockchain is a new technology and loss exposures are not yet well understood, the commercial insurance marketplace finds “tokenised assets” difficult to insure. However, there is an opportunity for captives to offer tailored coverage for blockchain risks.
Captives can provide cover for other difficult-to-insure risks, such as cyber terrorism. Whether a cyber incident compromises internal or customer-facing systems – or an act of cyber terrorism shuts down an organisation – a captive can provide valuable financial protection alone or in combination with commercial insurance.
Captives can also be used to access cyber terrorism insurance offered by state-backed terrorism facilities. For example, US captives accessing the Terrorism Risk Insurance Program Reauthorization Act for property can also buy cover for cyber terrorism events, if they are certified by the Secretary of the US Treasury, pursuant to TRIPRA.
In the UK, captives can buy property damage cyber terrorism cover from Pool Re, the country’s state-supported terrorism reinsurer.
The advantages of a captive can be aligned with internal stakeholders’ objectives, including the Chief Information Officer (CIO) or Chief Technology Officer (CTO). For example, capital and surplus from a captive can fund analytics and cyber risk assessment services to enhance data security.
Captives can also enhance data collection on cyber risks, and facilitate risk-data sharing across an organisation to inform business decisions.