Cyber MGA Intangic will write war and state-backed risks

Cyber underwriter Intangic will write war and state-backed actor risks, its chief executive has said.

Ryan Dodd, founder and chief executive, said the managing general agent (MGA) had “the ability to write [war and state actor risk] affirmatively” at a time when other markets are introducing tighter exclusions.

“This is a high-frequency thing. It's happening all the time and, frankly, we don't care if it's the Russians, Chinese or North Koreans. If we see that you're being attacked and you suffer a loss, we'll pay you,” Dodd told Insurance Day.

He added the business was confident it would be able to handle a large accumulation event, adding if a state actor was to cause such an incident it would likely be accidental.

“The reason why cyber-Armageddon hasn't happened is because of deterrence. The US, UK and Europe have quite strong cyber capabilities and adversaries know there is a line that should not be crossed,” he said.

He continued: “It is possible that an attack intended to be small and surgical or tactical in nature could accidentally spill over in a chain reaction… Our view is the way our policy is set up, we feel comfortable that we can manage even a large chain reaction risk.”

Many cyber underwriters are currently working to tighten exclusions for acts of war or for cyber breaches backed by state actor. Notably at the end of last month Lloyd’s enforced new mandatory policy wording for cyber that excludes both.

Intangic, which launched last month with the backing of Axa XL, will focus on attritional losses.

The MGA offers parametric cyber cover to large public businesses headquartered in the UK, providing cover of up to £12.5m ($15m) against losses from material cyber breaches.

The product is designed to be used alongside existing cyber indemnity cover for higher tiers of losses and the MGA claims to be the first company to offer a parametric cyber product for public corporations in the UK.

It is targeting $10m in premiums this year and is also launching in the US.

“It seems strange to me that cyber was looked at in the insurance world as a catastrophic, rare event,” he told Insurance Day. “The more I spoke with people on the frontlines fighting the bad guys it was evident this was happening every day.”

Dodd, who comes from a finance and not an insurance background, said he sees cyber attacks as the natural downside risk to the benefits created by technological progress and digitalisation.

“Clearly there are large-scale cyber events that happen. But is it possible that there's something else going on, in the sense that these day-to-day attacks may lead to a certain level of attrition that leads to costs? And wouldn't it be a step in the right direction if we could develop a product that could focus on that?

“You [can get] coverage for that catastrophic event that may not happen. Ok, but what about the things that are happening on a daily basis?”

The parametric product also helps solve the issue of attribution – a problem for cyber insurance at all levels. “It's frustrating for all parties because in cyber it is so hard to prove what happened. How much damage did it cause? Where in the network did it happen? These are really complicated questions,” said Dodd. Attribution becomes harder the smaller the loss, he added.

Intangic’s parametric policy has two triggers that must both be met for a payout to happen. The first is based on a proprietary cyber threat benchmark that Intangic shares with brokers and clients. The second is a loss in share value greater than the market average.

“What we're measuring on the cyber side is the likelihood of a successful attack,” said Dodd. The MGA’s data showed a “clear relationship” between the level of malicious cyber activity and unexpected costs that show up on a company’s financial statement, he added.

Cedants can choose how much cover they want, with higher premiums for higher frequency losses. A 15% loss in share price “is going to be a much more frequent occurrence than say a 30% loss, so obviously the premiums for that would be higher,” said Dodd.

“The data clearly shows – consistently over many years – that companies that are constantly dealing with higher levels of malicious activity tend to have larger financial losses, both in terms of frequency and severity… This is designed to go in and help them refortify so that they don't have ‘the big one’,” he said.