Highlights
- In remarks made at Berkshire Hathaway's annual meeting, Ajit Jain, thecompany's senior insurance officer, and Warren Buffett recently cautioned about the possibility of "huge losses" in cybersecurity insurance.
- Buffett used Charlie Munger's "rat poison" term to characterize the boom and voiced concerns about agents hurrying to sign up cyber insurance clients without sufficient actuarial data and risk analysis.
- Notwithstanding Buffett's acerbic remarks, Fitch Ratings ranks Berkshire Hathaway as the sixth-largest cybersecurity policy provider in the United States; that being said, the market is still small but rapidly expanding, accounting for less than 1% of all policies issued.
During the company's recent annual shareholder meeting in Omaha,Berkshire Hathaway, a major player in the insurance market, sent a message to investors through Ajit Jain, the top insurance executive, and Warren Buffett. The message was that although cyber insurance is currently profitable, there are still too many unknowns and risks for Berkshire to feel completely comfortable underwriting.According to Jain, cyber insurance is now "a very fashionable product" at the annual convention. Additionally, insurers have profited from it, at least thus far.
According to him, present profitability is "fairly high," with insurers pocketing at least 20% of the whole premium. However, agents are being advised to exercise cautious at Berkshire. One of the main causes is the challenge of determining how damages from a single incident don't compound into a collection of possible cyber losses. Jain used the fictitious scenario of the platform of a large cloud provider "coming to a standstill."
"We're afraid because that aggregation potential can be enormous and we can't have a worst-case gap on it," he remarked.
Cyberspace is the only area where such a problem arises, according to Buffett. "A combination of hazards that you never imagined could occur and they might even be worse than an earthquake somewhere."
Berkshire is a company that offers cyber insurance.
While part of Berkshire's skepticism is justified, industry observers generally believe that the cybersecurity insurance market is stabilizing as it becomes profitable. Senior director Gerald Glombicki of Fitch Rating's U.S. insurance group also notes that, in spite of Buffett's caution, Berkshire Hathaway continues to issue cybersecurity coverage. Fitch's analysis places Berkshire Hathaway as the sixth-largest issuer of these kinds of policies. The two biggest are AIG and Chubb, in which Berkshire just disclosed making a significant investment.
According to Glombicki, "many insurers are still able to make money with cybersecurity insurance right now." Glombicki claims that it is still a very small market, accounting for just 1% of all insurance issued. The tiny size of the cybersecurity industry allows insurance companies to experiment with different policies to determine what works and what doesn't without taking significant risks.
AIG, Chubb, and Berkshire all declined to comment.
"I understand where [Buffett] is coming from, but I think it is really hard to avoid cyber risk entirely. There is an element of unpredictability that is very unsettling," Glombicki said. However, he noted that there hasn't been any noteworthy litigation that determines liability or examines the limits of the insurance, so some insurers might move more cautiously until the courts hear some culpability cases might cause the company to fail Buffett states.
Even with a $1 million cap per policy, the issue of writing a lot of policies arises if a "single event" turns out to touch 1,000 policies. Buffett remarked,"You've written something that we're not getting the right price for and could break the company."
While some prominent figures have advocated for some form of government cybersecurity backstop, such as former Homeland Security chief Michael Chertoff, who currently operates a global security risk management firm, the majority of experts don't think it is necessary at thistime. While the federal government is considering their options, according to Glombicki, intervention is unlikely to occur unless something unusual happens to trigger it.
According to him, any government action "will probably happen after a big, expensive cyber-incident." "The government established a terrorist risk program following September 11, 2001. We haven't yet witnessed an attack that magnitude in the cyberspace. We are still in the planning stages of potential strategies.
Data on cyberinsurance demonstrates expansion and market confidence.
Although there aren't many cybersecurity regulations being written right now, researchers predict that this will change.
According to Insurance Information Institute spokesman Mark Friedlander, "rates are declining, which shows stability in the market." Its data indicates that over the next ten years, cyber premiums are expected to quadruple.
The total premiums in 2022 were $11.9 billion. According to Friedlander, they should quadruple to $22.5 billion by 2025 and reach $33.3 billion by 2027.
"This is undoubtedly one of the insurance markets with the fastest growth rates. Friedlander noted that more businesses than ever before are creating cybersecurity insurance, attributing insurer confidence to more advanced underwriting and stable rates. He pointed to a 6% drop in cybersecurity insurance prices in the first quarter of 2024 as evidence that insurers are becoming more comfortable entering the market, which follows a 3% fall in 2023.
The decrease is noteworthy because most commercial insurance, including property and vehicle insurance, has been rising. It indicates stability and a reduction in the intensity of claims, according to Friedlander.
Additionally, since they have the resources and information to assess risk, more insurers are joining the market. You will be able to accomplish it at sound rates if you can. You're losing money.
Buffett disagrees with his senior insurance lieutenant. The "loss cost" of insurance, or what the cost of goods supplied might be in this case, is what is holding Berkshire back from making a more significant investment in cyber insurance. Jain stated that over the previous four to five years, losses had been "fairly well contained" at not more than 40 cents on the policy dollar. However, he added, "there's not enough data to be able to hang your hat on and say what your true loss cost is.”
According to Jain, agents at Berkshire are typically discouraged from writing cyber insurance unless it is absolutely necessary to fulfill a certain client's demand. Even if they succeed, Jain tells them that they will always be losing money since, regardless of how much they charge, they are always losing money when they create a cyber insurance policy. We can debate how much money you're losing, but the important thing to remember is that you're not profiting from it. And from there, we ought to proceed.
According to Google Cloud, the concerns are exaggerated.
Majumdar News - Origin Of Authentic News
Cyber risk is perceived as being too unpredictable to insure systematically since it is evolving so quickly, according to Monica Shokrai, Google Cloud's head of business risk and insurance. However, she went on to say that perception and reality don't match and that risk can be mostly controlled.
She remarked, "We don't hold the same view as Warren Buffet on the topic." According to Google, most cyber damages can be avoided or lessened by practicing basic cyber hygiene.
"You can get to a place where your controls are in a much better place, where the risk is more manageable, by understanding security," Shokrai stated. On the other hand, devastating strikes by nation-states belong to a different class and are not common. Currently, insurers are protecting themselves against future risk by excluding some catastrophic events from their policies. Nation-state assaults are excluded from coverage under a number of cybersecurity policies.
"What they have done to manage that is put in exclusions; that includes critical infrastructure, cyberwar, and other widespread disruptive events,"Shokrai said. "What they are trying to do is remain resilient and solvent in the event of a widespread event.”
Subjectivities and ambiguities still exist. What happens if someone falls victim to a cyberattack by an international gang that may have received some additional logistical support but isn't formally affiliated with a nation-state? Is a nation-state exclusion enforceable by an insurance company? Insurance companies disagree on how to classify an accident and assign blame, according to Shokrai. "It is a crucial distinction tha trequires clarification; it is a big debate between insurance companies,"Shokrai remarked.
According to several analysts, the uncertainty surrounding the industry's profit margins is what worries insurance giants like Berkshire and investors like Buffett. However, overall, the business has shown to be sound thus far.
According to Josephine Wolff, an associate professor of cybersecurity policy at Tufts University's The Fletcher School who has been following the changing insurance industry for a number of years, "it is still a viable business model for many insurers." However, she said, pointing out that the recent spike in ransomware over the previous couple of years saw significant payouts by insurance companies — albeit notably still not enough to make the business profitable — and that this did not mean that things were not continuously evolving.
Although it's uncertain how much it would cost, Berkshire does think the company will expand. "I predict that it will eventually grow into a massive industry, but it may also come with significant losses," Jain stated.
Majumdar News - Origin Of Authentic News
"I'll tell you what, when it comes to writing insurance, most individuals want to be in anything that's trendy. Buffett added, "And cyber is a simple issue. You have a lot of writing material. The agents find it appealing. They receive a commission for each policy they draft. As Charlie [Munger] would say, it may be rat poison, but human nature is such that most insurance companies and their agents will become very enthusiastic about it. It's also very fashionable and kind of interesting.
Griffin acknowledges Buffett's prudence, but he believes there is a generational gap in the risk assessment and is upbeat about the cybersecurity insurance market.
When he was younger, "Warren Buffet probably would have called cybersecurity insurance an opportunity," the man stated.
