The 2023 RIMS’ Riskworld conference took place last week in Atlanta, and on the latest episode of The Insuring Cyber Podcast, two guests shared the biggest takeaways from the conference this year.
Paul Bantick, global head of the cyber and tech team at Beazley, shared that while the cyber insurance market has been able to return to profitability, it has become much more competitive in 2023.
“We’ve seen that in the last 12 to 18 months, frequency of claims has come down, and it’s probably due to the underwriting and focusing on controls of clients, making sure that the industry’s focused on clients that are less likely to have some kind of cyber attack,” he said. “With the increased pricing we’ve seen in the last two years combined with frequency coming down, we always knew that was the plan — to get back to profitability because we weren’t in profitability for several years — and that’s happened. So, what that’s naturally led to, as with any short-tail market, is a bit more capacity coming in and a little bit more competition.”
While frequency and severity have dipped temporarily in the cyber insurance market overall, Bantick said, the environment has been different in the healthcare space. Caroline Clouser, executive vice president and North America leader of the healthcare industry practice at Chubb, shared that from her perspective, severity of claims has skyrocketed.
“We’re seeing large verdicts, and medical malpractice is part of that. I would say in the first quarter of 2023, we’ve seen more verdicts in excess of 10 million, and it’s put us on track to be the largest year on record,” she said. “So that frequency of severity has really been impacting our customers every day, and that means that we need to do things differently in protecting them, utilizing without giving away our playbook, utilizing different claim handling techniques to protect their integrity and reputation.”
Beyond medical malpractice, the healthcare industry took a hit last year in regard to ransomware, Clouser added.
“Ransomware is big, and I would say looking at 2022, that was the highest ransomware against healthcare facilities on record,” she said. “So, we’re seeing the medical records being stolen, and what does that mean for our insureds?”
Surprisingly, Clouser shared that when a ransomware attack strikes, the initial response may seem counterintuitive given the transition to the use of technology and telehealth methods accelerated during the COVID-19 pandemic.
“It means that [insureds] have to pivot to paper very quickly, and a lot of our healthcare providers aren’t used to dealing with paper,” Clouser said. “They’ve grown up in an electronic world, so that pivot to paper can be difficult and really impact patient care. So, what we are doing is working with them to not just identify the causes to really mitigate that risk going forward, to do education and training, but also to make sure that when it does happen, our insureds can make that pivot very quickly.”
One thing the cyber market has proven in the face of growth in the ransomware environment, Bantick said, is that it can be very fast-paced, reacting quickly to changes in the threat landscape.
“What will the threats bring in the next three to six months?” he said. “I don’t know.”
However, new solutions are popping up, and these could be in the form of generative artificial intelligence models like ChatGPT, he said.
“What I have heard it being used for very successfully is defending against attacks because it can learn about how attacks come, and it can adapt to those,” he said. “I think every company’s grappling with [AI chatbots] right now. What should our policy be around these things? Should we allow use of them? And I think this is going to be another big area of cyber that once we get through ransomware, once we get through the conversation on the war exclusions, I think AI and ChatGPT will be the things that we’re talking about in terms of how is that exposure presenting, what does it mean for the threats, what does it mean for security?”
Clouser had a positive outlook on the use of AI in the healthcare space as well.
“Imagine the ability in seconds for artificial intelligence to analyze the national standards of care, the state regulations, the patient medical records, their existing symptoms that they’re coming to the facility with, then analyze all of that and come up with a treatment plan that fits that particular person — a diagnosis and a treatment plan that the healthcare provider can utilize,” she said. “It might be things that they’ve already thought of, it might be something different, but it really gives a more holistic view of how that patient is going to be treated.”
Check out the rest of the episode to hear what else Bantick and Clouser had to say, and be sure to check back for new episodes of The Insuring Cyber Podcast publishing every other Wednesday along with the Insuring Cyber newsletter. Thanks for listening!