Cyber may be the most “underwrite-able line of business”

22nd March 2023

In an interview with Reinsurance News, Josh Ladeau, Chief Executive Officer of Trium Cyber, Syndicate 1322, explains what differentiates the firm from other underwriters of cyber risk.

After gaining approval in November of last year, Trium Cyber is the first Lloyd’s-approved service company to provide coverage for US-domiciled cyber risks, and commenced underwriting on January 3rd, 2023.

Cyber is all the firm does, and for Ladeau, it’s the only line of business in which he has ever had an interest in.

“Beyond providing high quality insurance products and claims response, we want to raise the cybersecurity bar for US-domiciled businesses – much in the way Hartford Steamboiler helped to dramatically improve the safe operation of steamboilers at the turn of the last century,” he said.

“We bring cyber underwriting leadership with consistent and proven performance over 15 years. Underpinning that success is differentiated technical acumen and a proprietary view of cyber risk,” he continued.

According to Ladeau, Trium is the only dedicated US cyber writer in the Lloyd’s market, and when asked how much of a challenge it was to gain approval and acceptance for this business strategy in the London-based marketplace, he noted how there are relatively few monoline syndicates at Lloyd’s in general, and how he believes that “Trium is the only monoline cyber syndicate”.

“The Lloyd’s approval process was quite rigorous, and we were fortunate to have the support of Pelican Ventures, Asta and others to help us navigate through. I experienced just a portion of it having only joined in September, but while challenging, that stringency is some of what makes it a privilege to be part of Lloyd’s,” explained Ladeau.

Discussing how some carriers have been pulling away from cyber, due to loss experience and a lack of reinsurance appetite, Ladeau commented on what Trium’s view is on the current state of the cyber insurance market, and why he feels that the firm has the ability to write this business in a sustainable manner.

“While there are no certainties in cyber today, I personally feel it may ultimately be the most “underwrite-able” line of business; it’s a wholly man-made peril and therefore, to a great extent, learnable and predictable. Contrasting that with property insurance, and despite all the data and modelling, we can’t accurately predict the weather or stop a tornado. With cyber, attacks can be prevented and/or stopped. There is a degree of control in cyber that doesn’t exist elsewhere, and that gives me confidence that it can be written sustainably.

“That said, we’re a long way from having it figured out as an industry and there is mixed reaction among carriers; some have pulled back, but others have entered the space. I think as policy language is refined and we’re able to remove some of the large, systemic loss exposure, both insurers and reinsurers will regain full confidence in the line.”

Additionally, Ladeau also discussed how much of an opportunity Trium sees in US domiciled cyber risks in the future.

“The market is still growing but ultimately it will be a line measured in the tens of billions of gross written premiums (GWP). Trium targets only risks that have made material, appropriate investment in their security posture, which is a minority of US businesses today. With that in mind, I think we can reasonably target $500M in GWP over the next several years,” he noted.

He also added that insurance is not the only opportunity for cyber insurers to grow revenue, and that cyber risk management is a “significant opportunity” as many clients need assistance within the area, and that the industry as a whole has yet to really scratch the surface.

Lastly, when asked whether Trium will be able to help clients to better manage and mitigate their cyber risk, as well as providing capacity to insure it, Ladeau said: “I’ve launched two successful cyber risk management platforms over the last decade of my career, and I’ve always viewed it as a massive opportunity for the industry.

“Consistent with that, Trium is building out our risk management capabilities and we’ll offer all primary clients access to the platform as soon as possible. In the interim, we’ll offer interested clients access to a subset of eventual platform services.”

Adding: “As regards to helping clients, much of the malicious activity we see today isn’t targeted; automated attacks and massive phishing campaigns represent a significant portion of the losses experienced by our clients.

“In many cases, proper patching, advanced network/endpoint monitoring and response technologies, and practiced organizational reaction to an incident can either eliminate or minimize the damage. Trium, and the industry in general, can help clients identify and implement effective solutions in these areas to reduce their exposure, and by extension, our own.”

This article first appeared in Reinsurance News on 5th January 2023. It has been re-produced here with their kind permission.

    Keep up to date with Davies