Why I joined Lockton Re

In 1999 a virus known as “Melissa” rapidly spread using macros within Microsoft Word and became self-propagating via an early version of Outlook. An estimated $80m of damage was caused and highlighted the potential destructive power of computer viruses, especially when combined with social engineering techniques (in this case the false promise of access to elicit content). The following year in 2000, the ILOVEYOU virus spread like wildfire throughout corporate systems, moving across networks 15 times faster than the Melissa virus. Microsoft at the time had a 95% market share of corporate email networks, and a lack of security patching left many systems vulnerable. A multi-billion dollar destructive attack unfolded, demonstrating the potential impact of this malware. These events served as a catalyst which led me to the dual conclusions early in my career that firstly, the dependency on networked technology and growth of the then nascent internet was only going to increase, and secondly, the benefits and changes that these technologies bring also created significant risks, which insurance can help address.

In 2017, after nearly 20 years underwriting in the cyber insurance industry in which the market had grown from an obscure curiosity to a mainstream speciality business, I left the front line of the specialist insurance market to join a start-up Insurtech in cyber risk modelling.  It was an exciting prospect, and the world of cyber modelling was still in its infancy. The goal was to build a new software platform to bring analytics and data to address the challenge of systemic cyber risk, in a way that had not been done before.

Fast forward five years, and there have been significant advancements in the world of cyber risk modelling. After a great experience in the world of Insurtech start-ups, I was ready for a new challenge and to re-join the commercial market.  When I left the market in 2017, the cyber insurance market was estimated at around $3.2Bn in global gross written premiums (GWP). Now it is over $12.8 Bn GWP, with growth estimated to reach over $35 Bn by 2028 according to some sources, and expectations of an annual growth rate of over 25%. One of the key enablers of this growth is reinsurance capacity to support existing and new entrants in the market. Globally, cyber insurance is still a relatively under-penetrated market within commercial property and casualty insurance. Some segments, such as for large US enterprises have widespread adoption of cyber insurance (over 80% buy), while other segments have few buyers of the coverage, such as in European small and mid-sized businesses (approximately 20%) and Asia-Pacific (under 10%).

In the last five years, the dynamics in the market have shifted dramatically. In 2017 pricing was extremely competitive, and many insurers offered increasingly broad coverage and streamlined application processes. An array of post-loss services was developed to demonstrate value of the coverage to clients and encourage more buyers into the market. Today, following significant claims pay-outs, there was a pricing correction and the re-underwriting of portfolios in the wake of widespread ransomware losses in 2019-2021. Today, there is much greater scrutiny on the cyber security hygiene and risk management of clients. In some cases, limits purchased have reduced due to the dramatic increase in rates.

Reinsurance for cyber risks often elicits one of two reactions – a handful of specialty markets have maturity and experience in the class, while many markets have had a historically limited appetite, based on perceived concerns about the complexity, scale or systemic nature of the risks. Part of the role of the reinsurance broker is to educate and alleviate concerns of potential market participants. As the market demand continues to evolve and grow, there has been a shift and markets which have sat on the side lines are expressing more interest in understanding the issues so that they can get comfortable in deploying capacity and take advantage of one of the fastest growing lines of business within commercial insurance. Of course, as well as sourcing and placing reinsurance transactions, an effective reinsurance broker should advise and support primary markets and MGAs by providing perspective on the market, as well as developments in data and technology. That requires specialist product and market knowledge, building on the existing capabilities of the Lockton Re team – something we are investing heavily in for cyber risk today at Lockton Re.

Throughout my career, I have always enjoyed my engagement with the reinsurance community. In the world of cyber risk, I sometimes found that it was an education process, where there was a gap in understanding about how cyber risks manifest, what risk management and loss controls were most effective, and how systemic risks could be mitigated. Reinsurers have invested heavily in recent years in both people and technology and are valuable partners in addressing new and emerging risks.

As I considered what my next career step looked like, I wanted to build on my experience in a role where I could leverage both my time in the primary cyber underwriting space as well as the learnings of being at the forefront of cyber risk modelling development. I am delighted to say that Lockton Re fulfils both criteria and more. I was intrigued from the outset by the proposition. The reinsurance operation is a relative start-up compared to some in the market, with significant focused investment on reinsurance since 2019, and the establishment of a dedicated entity. There has been rapid growth within Lockton Re and success across multiple lines of business. It has the benefit of the firepower and brand awareness that comes with being part of one of the largest privately held insurance brokerage entities in the world, yet the nimbleness and connectedness of a young and hungry organization.

There are three core values which are captured by Lockton Re. “Fierce independence” is based on the perpetual independence of Lockton, allowing us to have a unique perspective in the market. “Empowered People” encourages decisions to be made in the best interests of clients, to support a rapidly changing risk landscape. A lot of companies talk about collaboration. In a global market such as reinsurance, it is critical to walk the walk in working across geographies and product specializations to support clients. Lockton Re is leading both in our structure and with our technology to enable and facilitate effective collaboration across borders to support clients. Finally, “Born digital” is more than just a saying at Lockton Re and being able to develop leading edge cloud-based technology solutions without legacy issues, such as SAGE (our analytics visualisation tool), is critical to support our clients’ needs.

The insurance industry has an important role to play in providing financial security to clients when bad things happen. We can also help build the relevant incentives and motivations to improve behaviours within companies to defend against the ever-changing cyber security threats. Reinsurance is one of the key building blocks to protect balance sheets, develop products and create capital efficiency for the market. Building a sustainable cyber insurance market to support growing demand is a key goal of the industry. As technological dependencies continue to grow in both pace and scale, the associated cyber risks require the insurance industry to step up to the plate, to deliver solutions to help mitigate and transfer risks. I’m excited as a broker to partner with different parties to understand their needs and create innovative solutions to serve a variety of capital needs and protection requirements. Our goal is to continue building the market and ultimately support the financial and cybersecurity resilience required to address the perils. The world has changed a lot since the Melissa and ILOVEYOU viruses, but the principles of insurance as an important part of the risk management toolkit has not.