Interview with Sergio Pierro, senior underwriter, financial lines at XL Catlin in Paris
Sergio Pierro (pictured), specialty insurer XL Catlin’s in-house cyber expert for the French market, answered StrategicRISK’s questions for the AMRAE 2018 risk managers’ event in Marseille.
Is GDPR driving interest for cyber covers?
Absolutely, with the deadline to comply with GDPR approaching, we’ve seen a rise in demand for cyber coverage. That being said, growth in that segment (200% for XL Catlin in France) cannot be solely attributed to GDPR. Top management is increasingly keen to buy cyber insurance solutions. This increased interest is partly a result of a number of high visibility attacks against multinational companies, as well as French media discussing threats such as ransomware or denial of service incidents more frequently than they have in the past.
How well do clients seem to understand the risks involved within GDPR?
Large companies are clear on what the risks are, have a risk management strategy in place and will be compliant by the time the regulation comes into effect at the end of May this year. Most of them, for instance, already have appointed a data protection officer.
Is the market doing risk managers justice – e.g. scope and choice of covers available; size of limits available?
In terms of covers and limits, I believe the French market is meeting the demand from risk managers. There are a few cases where companies want a specific cover for the risk of IT crime, which isn’t included in most cyber coverages as this is a main feature of a crime coverage, but in these cases that market has responded by combining cyber/crime coverages to offer a tailor-made solution.
As for services, it’s now become standard (it wasn’t a couple of years ago) to offer some kind of response services to support our clients should an incident occur. XL Catlin works with Crawford in that field and the feedback from our clients is very good. But I think that risk managers increasingly expect their insurers to also provide prevention services. This will probably be the norm when we have this conversation again in a year’s time.