Staying Ahead Of Cyber Juggernaut
A summarised conversation with Mr. Praveen Gupta, MD/CEO at Raheja QBE General Insurance about his perspective on Cyber Security and Cyber Insurance Policy
Whilst the persistent and ever-evolving cyberattacks are estimated to threaten $2.1 trillion in global economic values by 2019 (almost fourfold that in 2015), many economies, including Asian countries (i.e. Singapore, Malaysia, Japan), place cyberattacks amongst top 10 global risks. Despite the efforts to improve cybersecurity infrastructure, at least 500 million personal records are lost/stolen every year, along with 35-55% growth in ransomware and spear-phishing attacks, causing not just data losses, reputational damages but also physical incidents and bodily harms.
At the forefront of proactive cyber risk management, cyber insurance market is rapidly emerging and expected to ten-fold its size, reaching $20 billion by 2025. Such growth, however, is severely hampered by the various obstacles, such as the lack of historical data, incomprehensive cybersecurity information, continually involving cyberattacks, aggregation of cyber exposure, buyers’ inadequate awareness, or the inexperience in underwriting, claims & responses management - all leading to volatility and uncertainty of this evolving risk.
Over the course of few months developing the Cyber Insurance Summit 2018 (Singapore, May 7-10), I've been blessed with numerous opportunities to interview the panel of expert speakers represented at the event, including Ram Garg (GM, J B Boda), Oliver Vale (Head of Financial Lines, Singapore's Zurich), Larie Concepcion (Chief Advisory Officer-FINPRO, Marsh Philippines), Kiran Lockhand (Head - Liability Underwriting, Bajaj Allianz General Insurance), Ronak Shah (Head of Financial & Professional Lines APAC, QBE Singapore), Chris Getty (Cyber & Technology Class Underwriter, Talbot Underwriting), and many more.
Though a little late (as the event will take place in little less than 3 weeks), I believe it'd still benefit to the general members of public, the cybersecurity decision-makers, as well as and especially, the savvy and ambitious cyber underwriters, to find this piece of interview. In this article, we reflect a conversation with Mr. Praveen Gupta, CEO & Managing Director of Raheja QBE General Insurance. While many in the industry ain't unfamiliar with such name (Gupta had published over 150 articles, researches and interviews globally), a conversation with him on the sector in its infancy doesn't bore us out! A veteran with over 4 decades in insurance industry, Mr. Praveen has progressively stepped up his career ladder at The New India Assurance, CGU plc (then Norwich and AVIVA), Allianz, Bajaj Allianz General Insurance and has been CEO at Raheja QBE since 2008. He writes and contributes at prestigious national and international forums and is on Board of Education, Insurance Institute of India; Governing Council of Indian Institute of Risk Management; Member of Australian Institute of Company Directors and a Director at Indo-Australian Chamber of Commerce. He is a recipient of D. Subramaniam Award and SK Desai Memorial Prize by Insurance Institute of India, and a recipient of a special prize from the Geneva Association and the Group Study Exchange Award by Rotary International. Till recently, Gupta was Deputy Chair of the Chartered Insurance Institute’s Diversity Action Group, active member of the D&I and Project Dragon initiatives at QBE AP.
-----------------------------------------------------------------------------------------------------------------------------
Please share some major highlights in your insurance career. Also, what are the most exciting opportunities in Asian insurance?
Praveen Gupta (PG): My early days in Insurance coincided with early days of 'automation'. Hopes for efficiency were rising with the word processor transforming into a desktop. The most remarkable transformation came with the arrival of internet and mobile telephony thereby related possibilities.
The first assignment outside India was Thailand. I learnt there how a market functions in a free pricing environment. Thereafter Hong Kong gave a taste of the hard and soft cycles as the sovereignty changed hands. Hong Kong also gave me exposure to diverse markets - Mainland China, Taiwan, Indonesia and Vietnam in particular. All these markets were at different stages of evolution.
This followed a short stint in the UK when the English insurers had begun to merge ahead of the takeovers. Direct Line was still a telephone driven business model. Those were the nascent days of call centres and outsourcing.
Back in India getting a taste of waiting for the market to open and once opened - riding the rollercoaster changes uniquely local in flavour. It coincided with the retail boom.
My country is actually a United States of India or for that matter diverse like Europe. It would be naive to talk about India as a homogenous market. All kinds of projections only point at the scale this economy will assume in our lifetime. The size and complexity of the insurance business would be a function of that.
All Asian economies will continue to grow. Apart from China and India, I am particularly bullish about Indonesia and Vietnam. I also believe Sri Lanka could be another Singapore. We are already seeing intra Asia trade grow significantly. This is bound to spur not just the Marine portfolio but will also give a new meaning to supply chain exposure. The integration will not be just manufacturing related but into services. The digital reality and the new economics could eventually make political borders redundant. Apart from scale, this presents an exciting opportunity for insurers to reinvent themselves. There will be many more Alibabas and Lemonades for sure!
Speaking about Cyber, how will recent global cyber events affect cyber insurance coverage demand in India - specifically regarding major industry, sectors that are most prone to and vulnerable to cyber risks?
PG: Even though the risks of data breaches, hacking and ransom-ware continue to rise, as of now there is more talk than real demand for cyber insurance. Incidentally while the supply side is growing, the pricing pressure is already visible. The most prone and vulnerable businesses according to a recent report in The Economic Times are biggest Indian conglomerates, mid-scale companies based in tier 2 or tier 3 cities and the country’s biggest banks; everybody is being targeted by the hackers. The breach attempts are not just basic but getting sophisticated by the day. Indian companies according to the same report lose anywhere around $ 4 billion every year due to cyber-attacks.
India not only has a rapidly growing penetration of internet via hand-held device, it is also one of the faster growing Smartphone using populations. Both digital natives and migrants are rapidly growing. Government's initiative to raise financial inclusivity has brought a big chunk into the fold of banking. All these undercurrents are driving trade in service and products on the internet. This will be a major spectrum for cyber insurers to play.
Let us also remember that India is the world's back-office. Here I am inclined to quote Sian Fisher (CEO of the Chartered Insurance Institute) on her predictions for 2018. "Looking at the really huge events of the last 20 years, from 9/11 to Brexit, they were all events that people knew could happen, but didn't believe would happen... If we ask ourselves what kind of event fits into that category, I think one plausible answer is a global breach of data security that causes an unprecedented amount of disruption.
Imagine scenarios where say Aadhar is hacked in a manner similar to Equifax? What if smart-phones are attacked by the next WannaCry? Is the critical infrastructure vulnerable to attacks similar to those that affected power plants in Ukraine? Also worth considering is when will the first act of cyber terrorism occur in India?
Well said! Southeast Asia also has varied rates yet fast-growing penetration of internet and mobile phone. Meanwhile, the cyber insurance is, like India, more talk than real demand. We have also seen more and more (re)insurers to experiment with the cyber pie especially in Singapore. Will this region differ much from India with regards to cyber insurance demand and what will be your perceived implications?
PG: Singapore mirrors any other developed country. Being a rich city state it would be less diverse and represents an upmarket segment. Other SEA countries are at different levels of evolution. However, they are converging towards becoming urban middle classes. Thanks to rapid advancement of technology, they will all leap frog from current levels to a level playing field
What plans does Raheja QBE have to maximise its impact on cyber insurance market?
PG: Raheja QBE is in the process of launching a cutting edge standalone Cyber solution and is also beefing up its ICT product with a cyber component. The key proposition is its claims support protocol.
Will there be cross-class cyber policies? Cyber insurance claims protocol can also be very sophisticated – could you share some challenges and resolutions along the way launching Cyber solution?
PG: When I say we are in an 'Industrial Revolution' mindset, I also mean that we are very silo-centric. Cyber is an underlying risk across all forms of exposures - physical assets, supply chains, fiduciary and reputation. I believe not only does it call for a different approach but will also influence the physics and chemistry of old world insurance.
How do you personally imagine (re)insurance company could go about structuring their organisation to continually adapt to ever-evolving threats, maximise effectiveness in developing profitable cyber liability products and market, while being resilient at risk transfer?
PG: I think the insurance industry ought to be more proactive. There is so much sitting in the realm of Science Fiction that can keep us ahead of potential shocks. It calls for a greater engagement, like never before, with all key stakeholders - Gen Y & Z, domain experts and last but not the least close ties between the industry and governments. The reinsurers and insurers ought to be agile on these and many more fronts. The current structures need to be seriously revisited. Products have to be co-created and we cannot have a take it or leave it mind set. Moreover, this is a portfolio which requires a war chest - that will only come from responsible pricing. The cyber portfolio will witness both high frequency and high severity claims from across the spectrum of portfolios. Unless adequate premiums are charged - it would bleed insurers/ reinsurers.
While every country differs with regards to regulatory developments, is there any common consensus as to how to push forward economic efficiency - for example in Southeast Asia? What are your thoughts on regulation and industry collaboration?
PG: As its economy increasingly grows on a cyber backbone, Asia will be more vulnerable to cyber events than any other geography. There is much to learn from the European Union. For instance, the European GDPR is a far-reaching regulation that Asia can adapt. Perhaps ASEAN might already be considering something on these lines. The cyber world is borderless hence it ought to nudge all countries to collaborate closely. The Cyber world is not a Y2K situation that will come and go. It is here to stay and will reinvent businesses including financial services. Collaboration is a 'karma' we cannot ignore.
Thank you very much! What would you like to take away from Cyber Insurance Summit 2018? And what will you be sharing at this conference?
PG: Conviction and a plan of action to deal with the reality of a Brave New World!
Note: This release of this article fully respects the copyright reserved by Equip Global (the organising committee of Cyber Insurance Summit 2018 in Singapore, May); follows the acceptance and wishes of the interviewee; but may not necessarily reflect the view of Raheja QBE GI. The author doesn't plagiarise, not in representation of Equip Global, nor release information without consent of any party.