Industrializing Corporate and SMB Cyber Insurance - an interview with Dr. Thomas Sepp, Chief Claims Officer, Allianz Global Corporate & Specialty AGCS
As part of the Planck Insurance Thought Leadership Series I had the honor of interviewing Thomas Sepp, AGCS Chief Claims Officer about Industrializing Corporate and SMB Cyber Insurance, his insights are inspiring.
I first met Thomas in late 2006 when I was making my initial steps in insurance. At that time, Thomas was already a partner at McKinsey and an insurance veteran with a deep understanding and experience in both the statistics/actuarial and business sides of the industry.
Since then, Thomas has continued to enhance his expertise and provide value to the insurance industry in senior executive positions at Zurich and now Allianz – across functions and lines of business including underwriting, strategy, and claims. It was an honor to reconnect with Thomas and hear his thoughts on some of the latest challenges and opportunities in commercial insurance.
The full interview can be found here, following please find some highlights.
Thomas discussed how we must move the large corporate insurance industry from a mostly bespoke production model to an industrial production model, supporting reasonable and meaningful tailoring for clients.
Insurance offerings for large international companies require several capabilities. Among others - risk assessment, claims handling, deployment of own capacity, use of reinsurance capacity, a global network for policy issuances and claims handling, and a global financial transaction capability. Insurance contracts in these situations cover many aspects of risk transfer and many of them have client-specific components. International insurance programs (IIPs) add further operational challenges.
Thomas believes that going forward we need an operating model that plays at a completely different level. We need engineered yet generic product models that are configured for clients and have a clear link to the wording that we give to clients. Such product models will cater to the needs of an IIP, including own policies, assumed policies, and reinsurance cessions. Claims payments can then be more accurately assigned to specific coverage elements and ultimately support improved pricing and risk selection; and Finance support with premium bookings and risk-attaching reinsurance will become more efficient. In addition, such an industrialized model will create stable and repeatable processes with no errors and no waste enabled by a fit-for-purpose IT system.
In Cyber Insurance Thomas sees a twofold story - one for large corporate customers and one for mid-sized companies.
For the large corporations, we have seen a relative increase in cyber incidents in 2020, particularly around ransomware attacks. Obviously, frequency is up. But also, severity is going up – higher business interruption costs, higher regulatory fines, higher ransom demands. This dynamic is impacting profitability and available capacity. Independently of the availability of insurance, large corps need to step up their protection game. On the insurance side, we have more data to lean on and more tools to quickly assess the constantly evolving cyber risk landscape so we are becoming more educated and mindful of the operating environment and making portfolio decisions with sustainability in mind.
For a mid-sized company Thomas sees a different story. Many of them underestimate the threat they are exposed to from cyber-attacks. Also, given their size, it will be very difficult for those companies to establish top-notch monitoring and defense capabilities as well as timely patching of vulnerabilities. In this segment, it may need collaboration of industry partners resulting in comprehensive solutions that combine insurance coverage with operational cyber security services such as regular vulnerability scans, endpoint detection, and response capabilities. Thomas is concerned that without such better security services in place, such customers might become non-insurable from a risk perspective. In a way, you can compare it to fire insurance, where you are expected to have sprinklers and other mitigation measures in place and maintain them accordingly, although Cyber is more complex and dynamic.
I highly recommend reading the full interview here.
Software QA Engineer | Quality Assurance Analyst | Black Box & Grey Box Testing | Web & Mobile Testing | Smoke & Regression Testing
3 年very interesting read. thanks for sharing