The cyber reinsurance space has experienced a dramatic evolution in recent years. From cyber barely being acknowledged as a standalone insurance product to now becoming more and more mainstream, reinsurers needed to adjust their view on cyber and reevaluate the way they work with cyber insurance providers. Today, we talked with Julia Cederroth, Sr. Director Reinsurance here at Cowbell about all things cyber reinsurance.
Q: Tell us about your background and why you joined Cowbell.
A: I went to school for engineering since I have always been interested in technological innovation, new ideas, and contemplating how established practices can be improved. After college, I started my career in banking and consulting as a cyber specialist. Back then, cyber insurance was starting to become more popular but was only purchased by large financial institutions.
I decided to make a lateral move to insurance broking and soon after that, reinsurance broking. I saw a unique opportunity in cyber re/insurance for women and young professionals keen to make an impact in a “new” line of business with a lot of unknowns and an evolving risk landscape.
I focused on complex, large cyber treaties for traditional insurers – and the considerations for underwriting and modeling the risk in the early years were borrowed from established lines like Financial Lines, Professional Liability, and Property. It made sense for traditional insurers to leverage their top-notch experience in these for a new line like Cyber, but there was a sense that we could be leveraging more technology for a tech-driven risk. It was exciting when tech companies started to enter the space to introduce innovative ways to automate how insureds purchase insurance, but the deep P&C insurance understanding was underweight.
I learned about Cowbell a few years ago. What immediately stood out to me was that the company has co-founders from both the cyber and insurance space. Its culture values insurance and technology skills equally, and teams collaborate frequently. It was a striking balance I hadn’t observed in 10+ years of watching cyber insurance mature, and I knew I wanted to be a part of it.
Q: How is reinsuring cyber different from other lines of insurance?
A: Reinsurance pricing and purchasing are tied to the ability to financially model the amount of potential downside and upside a re/insurer has the appetite to take. Decades worth of claims data helps refine these models to understand what a bad year vs. a good year could look like, and more years of experience directly impact the credibility of a portfolio.
Cyber is newer, and so the breadth of claims data was not initially available. Additionally, we observed the nature of cyber claims evolve over time as the types of attacks changed. The insights you can glean from data privacy claims 5+ years ago were not helpful in predicting and pricing for the influx of ransomware claims in 2019.
The ultimate downside events, also known as catastrophic events, are a chief concern of reinsurers who help make sure claims are paid when a large event occurs. Cyber can be disconcerting when industry experts and even mainstream media agree there is potential for cyber attacks on a global scale. But we haven’t seen that widespread event yet, which leaves reinsurers modeling to hypothetical scenarios that are challenging to anchor to actual numbers.
So the tried and true way to underwrite reinsurance was challenged by this dynamic, and only a certain number of reinsurers were comfortable writing cyber. Meanwhile, more and more insureds need cyber coverage but only have a limited amount of reinsurers to back their cyber growth aspirations.
Q: What are initiatives that make cyber more attractive to reinsurers?
A: One concern that many reinsurers have when it comes to cyber is that small and medium-sized enterprises (SMEs) need a better cyber risk profile. But this is where a huge opportunity lies. While SMEs often don’t have the same cybersecurity best practices put into place as large enterprises, it is much easier to help them with implementation, and Cowbell does a lot in this space.
For example, smaller revenue companies can more quickly remediate cyber vulnerabilities and utilize our cybersecurity marketplace, Cowbell Rx, than larger enterprise organizations due to less red tape and a shorter decision-making process.
Cyber risk improvement is so impactful for SMEs since more often than not, they fall victim to a crime of opportunity like a mass phishing email and bad actors expect them to have no backups or offline data – and therefore have no other recourse but to pay a ransom.
And we have results to prove this! 100% of our policyholders who had an audit with our risk engineering team – a service that is free of charge for all policyholders – have not faced a ransomware incident. Additionally, we can demonstrate improvements in our policyholders’ risk ratings, also called Cowbell Factors, in just their first year with Cowbell.
Q: How does Cowbell work with its reinsurers?
A: By virtue of partnering with fronting carriers and spreading core products such as Prime 250 across three programs – Cowbell is constantly engaged with the reinsurance community throughout the year. Both our fronting carriers and reinsurance partners play an important role in Cowbell’s ability to do business.
Cowbell also operates a captive, Cowbell Re, as well as our newly created full-stack carrier Cowbell Specialty. Via these vehicles, we can take risk – in addition to the risk we cede out to reinsurers.
In a dynamic line such as cyber, I believe the knowledge sharing between the insurer and reinsurer is critical – we highly value the insights of our reinsurers and ensure we are updating them with the trends we’re seeing in the field at a regular cadence. The transparency of our partnerships is invaluable for us, and I think the expertise we can offer them is useful as well.
Lastly, while cyber cat models and reinsurer models have not traditionally been tailored to SMEs, Cowbell has been able to share insightful data with the cat modeling and reinsurer community to evidence why there should be less punitive outlooks on SME portfolios.
Q: How do you see the future of cyber reinsurance?
A: As the cyber insurance market continues to evolve, the reinsurance market will mature with it. The expectation for 1-2 years now has been for ILS markets to enter the cyber space and inject more capital. In early 2023 we saw the inaugural cyber cat bond placed which is promising progress. In the near future, traditional reinsurance markets will continue to play an important role.
With time, as cyber grows globally as a line of business, additional capital will inevitably be needed. Large reinsurer supporters of cyber have been transparent about monitoring their cyber exposure recently, which will hopefully result in other reinsurers seeing an opportunity to increase their cyber reinsurance appetite when they need key partners in order to grow responsibly with a diverse panel of reinsurers.
In the last decade, there has been some reticence from the reinsurance community regarding cyber MGAs. We’ve seen this shift slightly, but it is my hope that hybrid models such as Cowbell can start to be viewed through a different lens. Certain aspects of an MGA or hybrid model are well suited to cyber insurance and its emphasis on high-quality data that can be generated and analyzed at speed. We can be agile with our underwriting technology to effectively pivot in dynamic rate and threat environments. The rich analytics we are able to generate are data-driven insights reinsurers appreciate, so I think there is room for expansion in those partnerships in the future.
Q: Is there anything else you want the reader to know about reinsuring cyber?
A: There is never a dull moment in cyber reinsurance. The market’s ability to shift rapidly continues to keep me on my toes, and the ongoing learning required for cybersecurity is always exciting. Persistence is key, and we must continue to innovate and educate those with an interest in investing in this space.