Insurance Industry

Speakers: Lloyd’s of London Must Change

Modernizing operations, appealing to emerging markets and leveraging the growing need for cyber protection were among the suggestions.
By: | July 9, 2015

Lloyd’s of London must change, perhaps even adopt a new business model, if it is to thrive, according to the consensus view at a Lloyd’s Executive Briefing in London, which was held by Norisco and sponsored by EMC, Techdata and Cisco.

The briefing took place the same week as when the Willis/Towers Watson and ACE/Chubb deals were announced, and Lloyd’s CEO Inga Beale allowed men to remove their jackets and ties, for the first time in the organization’s 327-year history, owing to the heat.

Eamon Campbell, founder & CEO of Norisco, spoke about the need for Lloyd’s to manage change, while Richard Bishop, CEO of Cobalt Underwriting, spoke briefly about Lloyd’s “finding new ways of talking to the emerging markets.”

“The bad guys are winning, and the bad guys are always going to win.” — Terry Greer-King, director of cyber security, Cisco.

The need to modernize operations and cyber security coverage needs were also prominently discussed by additional speakers at the event.

An Outdated Business Model

Simon Wilson, director of international development at Markel, analyzed Lloyd’s’ success in Singapore, but added that it has been less successful in other parts of the world. Overall, its share of business in emerging markets is not growing, said Wilson, who had run Lloyd’s Asia, based in Singapore, which is a hub for the Asia/Pacific region.

The organization’s “fairly antiquated market model — syndicates, managing agents, corporate capital, personal capital — confuses regulators in countries with corporate models,” Wilson said, and that requires significant regulatory change when Lloyd’s enters a new market.

Lloyd’s also faces competition in far-flung markets from some of the major insurers that provide its corporate capital, he said.

On the positive side, Wilson offered suggestions for Lloyd’s to sell niche products in emerging markets: Find trustworthy local partners. Protect intellectual property with technology. Put boots on the ground in new markets as an efficient way of bringing London staff up to speed. Finally, expose people from those markets to London.

The Bad Guys Will Always Win

Insuring against cyber risk offers Lloyd’s real opportunities, said Terry Greer-King, director of cyber security at Cisco.

“There are only two types of companies in this world,” he said, “those who have been hacked, and those who don’t know they’ve been hacked.” To make matters bleaker, he added: “The bad guys are winning, and the bad guys are always going to win.”

Sixty percent of stolen data “walks within the first couple of hours,” Greer-King said. Yet, typically the time it takes a company to learn it has been breached is “weeks and months; it can be nine or 10 months.”

The business enterprise is less secure than it has ever been, underlining the opportunity available to Lloyd’s. — Sean Horne, chief technology officer for UK and Ireland, EMC

Board members know their security is being breached and are looking for a different approach, Greer-King said, and with the advent of the cloud, “nobody knows where their data is.”

Adding to the complexity, he said, was the forecast that by 2018, the average knowledge worker is expected to have six connected devices, often owned personally. Cyber security must find a way to safeguard each one.

The business of breaching data security is now the realm of organized crime, he said, and global legislation to counter such attacks is limited.

“In the past 12 months, there has been a fundamental shift from attacking individuals to a focus on the largest businesses,” he said. “It’s easy money. You can access the dark web through Google.”

Solutions? One is for companies to use their local or global networks as censors. Cisco sets up “honeypots to attract the bad guys.” In addition, goal-oriented penetration testing can identify a company’s prize assets and find ways to defend them.

A few days later, as if to underline Greer-King’s message, Lloyd’s reported that a cyber attack on the U.S. power grid could cost the U.S. economy more than a trillion dollars.

Perimeter Security Fails

Sean Horne, chief technology officer for UK and Ireland at EMC, revealed that his company had suffered a breach, which it only learned about following a consequential event.

“ … to a large degree, all of our individual success in the London market is predicated on the ongoing success of the collective itself” — Sasa Brcerevic, chief operating officer, Hiscox London market operations

EMC also sued someone who had taken its data, but lost, Horne said, because its operating practices trumped the rules it had in place disallowing the data theft.

One solution EMC came up with was to limit email attachments. Documents are no longer sent from its database. Instead, only a link is sent, with a specific password sent separately; the data never leaves EMC’s control. Perimeter security, Horne said, is a waste of time and money.

In broad, he concluded, the business enterprise is less secure than it has ever been, underlining the opportunity available to Lloyd’s.

Collective Responsibility

Sasa Brcerevic, chief operating officer of Hiscox’s London market operations, spoke about the November 2014 report issued by the London Market Group, a market-wide body that champions the London market’s modernization agenda.

Working in the U.S., Brcerevic learned that few customers understand the complexity of the Lloyd’s business model. Insureds, he said, tend to think of Lloyd’s as a “black box,” and fail to differentiate brokers from carriers, and even carriers from other carriers.

Brcerevic spoke of a “wake-up moment” when he realized that “to a large degree, all of our individual success in the London market is predicated on the ongoing success of the collective itself. The right solution for the collective is a collective solution.”

Roger Crombie is a United Kingdom-based columnist for Risk & Insurance®. He can be reached at [email protected].

More from Risk & Insurance