Experts See Similar Challenges in Cyber, Intellectual Property Risks

Two of the exposures emerging as among the most critical—and challenging—for many organizations are cyber risks and threats to intellectual property (IP).

On the cyber front, the headlines are full of reports of data breaches and ransomware attacks. Meanwhile, on the IP front, intangible assets are representing a greater share of many organizations' total value and hence, a greater exposure to be protected. Naturally, as it has on so many aspects of life and business, the COVID-19 pandemic had an impact on both cyber exposures and IP risks.

"Over the course of the last year, it's without exaggeration to say that we have faced profound and escalating risks," said Lambros Lambrou, chief executive officer, Commercial Risk Solutions at Aon. "Our industry has undergone massive change and is potentially on the verge of a major tipping point."

At the same time, however, he said, "History is not a great determinant of how risk is going to behave in the future, and that's one of the big challenges certainly that the industry is trying to rise to."

Mr. Lambrou made his remarks while moderating an executive panel on "Cyber and Insuring Intangible Risks" at the International Insurance Society's recent virtual Global Insurance Forum.

On the cyber front, more frequent ransomware attacks are driving increased demand for cyber insurance but also providing insurers more data points that help them understand the risk, said Farooq Sheikh, insurance go-to-market lead at Unqork.

"IP risk, the same issue. It has been managed to an extent in some sectors," he said. As IP has grown in size as a percentage of the value of many organizations, Mr. Sheikh said, "We're seeing a lot of movement on the understanding side, but we haven't yet seen a significant enough movement on the remaining elements of the risk management continuum—managing that risk, evaluating that risk.

"Both these risks have a very significant data and technology underpinning," he said, and understanding the threat vectors involved—both internal and external—requires a new approach from both risk management teams and insurers. "Really thinking about it as a data and technology first kind of problem," Mr. Sheikh said.

The effort to address IP risks is very similar to attempts to address cyber risks, Mr. Sheikh said. While many are starting to understand the value of IP, it's still not well managed from a risk management perspective. "What are the parameters under which IP assets need to be considered and evaluated and insured, and how do you manage that risk management element, put safeguards in place?" he asked.

From the perspective of IP as a next-generation asset class, Lex Baugh, global chief underwriting officer, Casualty and Financial Lines at AIG, said for insurers, valuing IP and assessing the factors behind changes in value have been challenging.

"It has been a real challenge for us to get our arms around not only the initial valuation but also any diminution of that valuation and what the originating cause is of the diminution of that IP valuation," Mr. Baugh said.

"At the end of the day, the insurance industry's ability to provide risk transfer solutions is built on its ability to identify, quantify, and then ultimately understand how risk behaves over time so that risk transfer solutions can be brought to bear," Mr. Lambrou said. "The valuation aspect of IP is so key to that."

According to Mr. Sheikh, the COVID-19 pandemic has brought added volatility to IP assets, adding to that challenge. "In the IP world, (the pandemic) significantly changed the value of the digital economy," he said. Companies like Zoom and others saw significant increases in stock prices as many businesses moved to remote work or online commerce.

"So, all of a sudden, you had a massive boost for anybody who had related IP assets," Mr. Sheikh said. "Every one of these digital economy vendors had a very significant uptick, and a large part of that uptick came from the increased valuation ascribed to IP."

But there's a risk now in those historically high valuations of IP, he said. "What we're seeing even in the past year or two is that the valuation can fluctuate massively," Mr. Sheikh said, making valuing IP and determining how to insure it and monetize it more difficult.

"This reminds me of the early days of cyber," Mr. Sheikh said. "Depending on how many people you had in the room, you had that many different opinions about the valuation of cyber risk."

With regard to cyber risks, Mr. Baugh noted the growth in the cyber-insurance market. "We're well and truly out of the hard sell phase of the cyber market," he said.

Still, he said, "We've made meaningful advances in cyber-risk awareness, but many companies are still catching up.

"Digital assets are still frequently being neglected until something happens," he said. "We're seeing more disruptive and expensive business interruptions as clients' activities become more integrated and more connected."

Clarke Rodgers, enterprise strategist at Amazon Web Services (AWS), said his company is seeing an increase in clients' digital transformation projects. Those projects are often less about technology than about cultural changes and changes in the way businesses operate and the speed, agility, and security they can bring to their customers and their industries, he said.

"The driver for that is the risk of not transforming," Mr. Rodgers said. "If you keep doing business the same way you've always been doing it, you're not only going to perhaps put yourself in a risky situation from a cyber perspective, but you're also going to put yourself in a risk situation from a business perspective."

AWS is also seeing many customers recognizing the need for cyber security, he said, and looking not just at the technology aspects of cyber security but also the cultural changes needed to help improve cyber security.

"Ultimately, good security is a differentiator in the market," Mr. Rodgers said, potentially resulting both in reduced insurance costs and increased confidence from customers and clients.

Also driving the increased focus on cyber security, Mr. Sheikh noted, is that many insurers are increasingly calling on customers to implement specific cyber-security activities if they're to be eligible for cyber-insurance coverage.