Large corporate cyber programmes must look to the whole market, as well as consider utilisation of captives and mutuals, in order to find the capacity and coverage required, according to the risk, insurance and captive team at Belgian multinational chemical company owner Solvay.
The challenges of managing cyber security and the role of risk financing was debated at length in a GCP Short, featuring experts from Zurich Insurance alongside risk, captive and information security professionals at Solvay.
Solvay works closely with Zurich on fronting for its cyber programme, which contains large self-retention and captive layers.
โThe cyber landscape of threat is evolving all the time so optimization means for us, in risk management and insurance, to get enough capacity to cover a catastrophic risk scenario,โ said Sonia Cambier, head of corporate insurance and prevention at Solvay.
โIt’s about loss of intellectual property, trade secrets, but also business interruption. It’s clear that there is not enough capacity in the market, so to optimize and to obtain what we need, we use extensively the captive, but also all initiatives to bring capacity into the market like mutuals, like MIRIS, where we are participating.โ
MIRIS is a European cyber mutual launched in December 2022, which Solvay is a member of.
Concerning the evolving cyber threat landscape Xavier Paulus, Solvayโs deputy chief information security officer (CISO), also joined the discussion to provide an assessment of current trends and what direction cyber risk is heading.
He said Solvayโs cybersecurity strategy is built on the three pillars of defence, resilience, and insurance.
โThe defence pillar is all about implementing strong cybersecurity measures to prevent cyber-attacks from succeeding,โ Paulus explained.
โIt includes cyber threat intelligence that allows us to receive real-time information on emerging threats and vulnerabilities, and that helps us to identify and respond to potential attack proactively.
โThe resilience focus on our ability to detect, to respond and to recover from cyber incidents. That includes a robust incident response plan, backup and disaster recovery strategy.
โFinally, we also have the insurance pillar that provides a protection against the financial and the reputational damage that can be caused by a cyber-attack.โ
Xavier Groffils, the Luxembourg based captive director for Solvay, explained that the groupโs captive plays three key roles in financing cyber risk.
โThe first one is to be a first layer cover to increase the attachment point for the insurance market, so that they are attaching much higher than just after the true deductible,โ he said.
โThe second role for our captive is to work as a solution to cover gaps in the insurance market capacity.
โGenerally, you can sometimes find a fronter and first layer insurer, and then you find high excess cover, but sometimes you are not finding the in-betweens very easily and so the captive is sometimes a facilitator in order to close your capacity.โ
The third and future role for the captive is on risk prevention.
Cybersecurity and prevention
Cambier said she expects the captive to play a role โmore and moreโ in financing cybersecurity initiatives at the group level to reduce the risk of future losses.
โHistorically, we have always been focusing on prevention first before insurance,โ she added.
โWe are taking a huge self-retention, we have a big captive, but the next role for the captive to play is to help investing in resiliency and risk prevention in respect of cyber.
โWe are, with Xavier Groffils, developing a project where a percentage of the captive premium will be dedicated to prevention to provide additional resource for developing programmes, training and so this is the next step.โ
Vivien Bilquez, principal cyber risk engineer at Zurich Resilience Solutions, said cyber insurance is โthe most important safeguard today, but it is triggered when it is too late, when the bomb has explodedโ.
โTo limit and avoid it, it is crucial to be prepared,โ he added.
Risk, insurance, CISO collaboration
Collaboration between group risk and insurance, those responsible for the captive and the CISO was the key to designing and implementing a fit-for-purpose risk financing strategy for cyber.
โA collaboration at the level of risk management and cyber security with regular meetings to update each other, that’s a basic, but important thing to mention,โ Groffils said.
โCollaboration is key because it’s not possible to be efficient by working in silos on the risk prevention and the risk financing since all represent the three risk protection pillars, that’s our philosophy, especially for cyber risk. All aspects must collaborate together in order to develop the best solution for the company.โ
Andreas Ruof, head of proposition development & senior captive services specialist at Zurich, said he expected to see more risk managers going down a similar path and utilising their captive to access greater capacity, contribute to group cybersecurity efforts and understand and market the risk better.
โMore and more risk managers are leveraging their captive to centrally collect high quality cyber claims and cyber incident data,โ he said.
โIt enables superior cyber risk analysis, risk insight and, as a result well-targeted, effective cyber risk mitigation measures. Over time, the cyber risk quality continuously improves which can further boost your captiveโs cyber underwriting profitability as well as your cyber risk marketability.โ
Listen to the full GCP Short discussion here, or or any podcast app. Just search for โGlobal Captive Podcastโ.