Buffett and Ajit Jain explain why they're staying away from hot cybersecurity insurance industry

This question comes from Carol Degend in Switzerland. In Europe, and this is for both Mr. Buffett and Mr. Jane. As political instability in the world is growing with a rise in the number of armed conflicts and trade tension, there is also increasing risk of cyber attacks. What are your views on cyber security insurance? Asking this question in general for retail, small businesses and large companies including critical key infrastructure such as power plants, harbors, airports, nuclear plants, etcetera. Do you see a potential for profit making in cyber security insurances and what are the key challenges? OK, let me start. Cyber secure cyber insurance has become a very fashionable product these days over these last few years. It is at least a $10 billion market right now globally and profitability has also been fairly high. I think profitability is at least 20% of the total premium has ended up as profit in in the pockets of the insurance bearers. Now having said that, we at Berkshire tend to be very, very careful when it comes to taking on cyber insurance liabilities for the part of actually for two reasons. One is it’s very difficult to know what is the quantum of losses that can be subject to a single occurrence and the aggregation potential of cyber losses, especially if some cloud operation comes to a standstill. You know that aggregation potential can be huge and not being able to have a worst case cap on it is what scares us. Secondly, it’s also very difficult to have some sense of what the, what we call lost cost of the cost of goods sold could potentially be. It’s not just for a single loss but for losses across over time. They have been fairly well contained out of 100 cents of the dollar. Of the premium losses over the last four or five years, I think have not been beyond $0.40 on the dollar, leaving a decent profit margin. But having said that, there’s not enough data to be able to hang your hat on and say what your true loss cost is. So in our insurance operations, I have told the people running the operations is I’ve discouraged them from writing cyber insurance to the extent they need to write it so as to satisfy certain client needs. I have told them no matter how much you charge, you should tell yourself that each time you write a cyber insurance policy, you’re losing money. We can argue about how much money you’re losing, but the mindset should be you’re not making money on it, you’re losing money and then we should go from there. So it is good. It’s projected to be a huge business. My guess is at some point it might become a huge business, but it might be associated with huge losses and our approach is to sort of stay away from it right now until we can have access to some meaningful data and hang a hat on data. Well you’ve just made you’ve just heard why Ajita is invaluable because that when you insure something you really want to think of what how much can you lose. And the question I remember the first time it was happened I think in the 1968 when there were the riots in various cities because I think Bob, I think it was the Bobby Kennedy death that set it off for the Martin Luther King and death, I’m not sure which one. But in any event when you write a policy you have a limit in that policy. But the question is, is what is one event? So if if if somebody this is assassinated in some town and that causes losses of thousands of businesses all over the country, if you’ve written all those thousands of policies, you have one event or do you have 1000 events And there’s no place where that kind of a dilemma enters into more than cyber. Because if you think about it, if you know let’s say you’re writing $10 million of limit per per risk and you decide that’s fine and you’re people lose 10 million. You know for some event you can take it. But the problem is if that one event turns out to affect 1000 policies and somehow they’re all linked together in some way and the courts decide that way, you’ve written something that in no way we’re getting the proper price for and and could break the company. And I will tell you that most people want to be in anything that’s fashionable when they write insurance and cyber’s an easy issue. You can write a lot of it. The agents like it. You know, they’re getting the Commission on every policy they write, and you’ve got to have somebody in charge of things that understands that you may get an aggregation of risks that you never dreamt of and maybe worse than some earthquake happening someplace just because you have a whole bunch of policies with $1,000,000 limit. And I would say that human nature is such that that most insurance companies will get very excited and their agents will get very excited. And it’s very fashionable. It’s kind of interesting. And as Charlie would say, it may be rat poison. OK, well, that’s cheerful. He’ll go to Station 6.