Rating agency Standard & Poor’s says it is inevitable that insurance and reinsurance firms will look to both the government and capital markets to help in boosting available cyber risk capacity. It says that if a prudent approach to underwriting and accumulation management isn’t followed, the economic loss potential associated with cyber risks will be enormous.
In a new report on the reinsurance market’s approach to cyber risk, S&P points out that the potential for cyber losses to cripple the (re)insurance industry is very clear.
Ability of the traditional (re)insurance market to deploy sufficient capacity
S&P also questions the ability of the traditional insurance and reinsurance market to deploy sufficient capacity to meet the market opportunity of cyber risk on its own, or whether that would be sensible, leading the rating agency to liken the growth of the cyber market to the catastrophe risk underwriting market after hurricane Andrew.
“We believe the lack of global standards, including a homogenous definition of cyber events, liberal exclusions, and relatively low sums at risk offered by (re)insurers for now are keeping the market in its infancy,” the S&P report said.
The global cyber insurance market has been very profitable for those willing to venture into it, but there is an uncertainty premium that providers benefit from currently, which should disappear as cyber risk models and the understanding of cyber exposure improves.
Losses, economic and insured, from cyber risks are on the rise
The economic and insurance market losses from cyber risks are on the rise, S&P notes, while at the same time there is a significant amount of so-called silent cyber risk embedded in other lines of business across the (re)insurance market, that threatens to boost any major cyber catastrophe into a market impacting loss.
The rating agency urges caution, saying that (re)insurers need to analyse their portfolios to find out if they carry non- affirmative cyber exposures (silent cyber) and learn to manage them.
S&P credit analyst Johannes Bender said, “We believe considerable silent cyber exposure is embedded in traditional insurance and reinsurance products.”
Cyber insurance is expected to outpace most other lines of insurance business
The cyber insurance market is expected to outpace the growth of most lines of insurance business over the coming years, rising to around $8bn in gross written premium by 2022, compared with about $5bn in 2018, the S&P report said.
But even this growth is not covering the true scale of the cyber exposure in the insurance and reinsurance market, or sufficient to reach its potential. Hence, S&P suggests that government and the capital markets combined may be able to deliver the capacity required for the cyber market to meet its potential and become a more sustainable marketplace as well.
Reinsurers, governments and capital markets should partner
“Due to the enormous potential size of economic cyber losses, combined with the limitations on traditional (re)insurance capacity, we believe (re)insurers will partner with governments and the capital markets to increase capacity in the global market,” S&P says.
The report compares it to 1992, when “state funds for catastrophe risks and catastrophe bonds for capital market investors brought more capacity to the sector,” providing much needed property catastrophe reinsurance capacity to the market.
The report says that Singapore government’s cyber risk pool initiative which is expected to be backed by cyber catastrophe bonds and other ILS instruments is a prime example of an initiative that could bring much-needed capacity to cyber risks.
However, “before ILS investors will accept cyber risk as a potential investment opportunity, the market will need to enhance its ability to model this risk as well as have a longer track record,” the report said.
Quantitative modelling and data quality have to improve
The rating agency also notes that the correlation between cyber risks and global financial markets is much greater than seen in catastrophe risks, so ILS investors may take some encouragement to deploy significant capital into cyber risks to begin.
Overall, the cyber underwriting market remains immature and the time for cyber ILS, while not far away, is not yet with us to any significant degree.
The report further explained, “If reinsurers are able to improve quantitative modelling and data quality, this may allow for more capacity in the fast-growing business of cyber risk.” A