Human error is the ’biggest vulnerability’ when it comes to cyber attacks, says the insurer 

Global ransomware attacks have increased materially since 2019, according to Joanne Musselle, Hiscox’s group chief underwriting officer.

Speaking during the insurer’s webcast yesterday (3 August 2021), Musselle confirmed that this trajectory is why the insurer continues to take action in the cyber arena.

Musselle said that similarly to the rest of the insurance industry, Hiscox has noticed an increase in “frequency and severity” of ransomware attacks across a number of its markets, particularly in the US.  

“We saw early signs of this emerging trend three years ago and have been undertaking portfolio action since 2019,” she said.  

For example, in 2019, Hiscox updated its cyber risk appetite by revising cyber products across the group and setting minimum underwriting standards.  

A year later, it reduced its line sizes and primary lines, as well as excluded the highest risk industries for ransomware.  

This year, it has re-priced its cyber portfolio as rates continue to gather momentum, while also looking at ongoing changes to cyber product re-design.  

Musselle added that the cyber, product retail and space lines have “hardened significantly in recent months”.  

Biggest vulnerability  

Musselle continued: “Although we are a tier two player in cyber, we have adjusted the cyber risk appetite and taken corrective action, focusing on customers with lower revenues in retail and reducing exposure to lower attachment business and big ticket.  

“In addition to the underwriting action, we have also put through material re-pricing - this re-pricing is gathering momentum and in Q2 the average increase across the whole of our portfolio is over 30% and is now up 16% since 2019.” 

However, Hiscox also places great importance on ransomware mitigation actions - Musselle stated that “human error is by far the biggest vulnerability when it comes to cyber attacks”. 

“We incentivise our small business customers to attend the Hiscox CyberClear Academy, an approved training programme to help counter cyber risk,” she continued.

”To date around 5,000 businesses have gone through the programme and early indications show a positive impact on their loss ratio for those that took part. 

“We are also introducing changes to our cyber product offering, as well as using third party data and models.” 

Future of underwriting  

Musselle stressed that it was not just the cyber product line where Hiscox is using technology to its advantage - the insurer is increasing its use of technology across the portfolio to improve its underwriting.  

It is focusing on utilising technology across four key areas – risk selection, customer experience, distribution and underwriting efficiency.  

In terms of risk selection, for example, Musselle detailed a situation in the UK where Hiscox partnered with a third party data provider and discovered a strong and consistent predictor associated with ghost Post Office boxes.    

“Customers registered at these are costing us £10m per annum, running a loss ratio of around 300%,” she added.  

As for customer experience, Hiscox launched an app in Europe to help customers assess the value of their classic cars.  

Meanwhile, to enhance its distribution strategy in the London market, the insurer has extended Hiscox Plus’s flood and household offering to commercial lines.  

Lastly, for underwriting efficiency Hiscox has embarked on an IT programme across all of its retail platforms - it has an ambition to underwrite 90% of this type of business without referral to an underwriter.