Perspectives interview with John Seo, co-founder and managing principal of Fermat Capital

How life insurance might hold the key to closing the protection gap

Perspectives interview with John Seo, co-founder and managing principal of Fermat Capital

The world has a growing protection gap, one that is impossible to close, particularly if the insurance industry’s solution is to continue to adapt the traditional indemnity policy to the rapidly-evolving esoteric risks of the modern world. What might be required for exposures such as cyber and flood thinks John Seo, co-founder and managing principal of Fermat Capital, is a parametric approach to cover.

For me all opportunities fall under the heading of the protection gap, including cyber in the sense that the exposure is huge and largely uninsured and yet the demand for insurance is very high. Obviously cyber insurance exists but the demand for it is much higher than the supply.

How big is the gap between insured and economic losses?

If you identify the total limit within the protection gap of exposures such as cyber and flood etc, let’s say you quantify the risk too and price it up in a very competitive manner and back it with sufficient capital. The total premium that’s needed to cover that entire protection gap is more than can be afforded. The very premise and goal of covering everything is untenable and there’s a certain freedom when you realise that.

What is the root cause of the protection gap?

The industry needs to extend and update a lot of its products. This would help insurers and reinsurers address exposures like cyber and flood risk, which typically have been avoided in the past due to their perceived complexity. From a commonsense point of view, most consumers don’t think those two perils are particularly complex. Your home is flooded or your firm has been hacked and your systems ruined, it’s pretty clear.

Traditional indemnity insurance however finds itself incredibly strained by those types of events when they are interpreted through the legal terms that are normally used to settle a traditional indemnity policy. Unfortunately the response is ever-more complex legal engineering or crafting around coverage terms, which is almost hopeless.

A lot of coverage goes back to the traditional multi-peril policy where many things are covered unless they are excluded. This is where everybody gets themselves tied up in knots and the consumer is effectively left in a protection gap. The protection gap is not fully amenable to the traditional approach to insurance.

How does the industry need to innovate and change in order to offer more meaningful risk transfer solutions?

Look at life insurance. Why is it so much easier to buy life insurance than income replacement insurance? It’s because effectively there is a parametric loss trigger for life insurance and once confirmed, money is automatically settled. The life insurance industry literally figured this thing out over 200 years ago.

Could this approach work for cyber?

Yes, if you were able to come up with parametric cyber coverages that are crisp and clear and cover all the most important scenarios of loss. When you have clear parametric coverages the gaps in coverage are also clear and policyholders are able to understand those gaps and use their actions on a daily basis to address them.

More importantly, for a gigantic open-ended risk like cyber you can never possibly understand the full limit of it. And even if you did, no one could afford to cover it all, so you need to stop trying to design a product that seemingly has the intention of covering it all.

The way the cyber insurance market is currently going at it is they are creating products that are proprietary in form, so you can’t fully transfer loss experience from one policy form to another. This means that actuarial knowledge of cyber risk might not compound fast enough to catch up with the fast moving of the risk itself.

The world has a lot of risk and a lot of it is not covered, but what you don’t want is this perception that people are covered when they’re not. For cyber, we want to have a product where we’re specific about the coverage. Where we might say: if your firewalls are breached, you’re covered. And we’ll only cover them if you’re using this particular, pre-approved firewall equipment. And then it’s okay, because you’re not telling the market to turn their brain off and insureds understand their obligations to defend against cyber losses.

Posted: Monday, June 19th, 2017