Consider segmenting cyber risks in ILS deals: Johansmeyer, PCS

The cyber-attack threat is elevated this year and as the need for risk transfer grows, the re/insurance and insurance-linked securities (ILS) market would benefit from considering ways to formalise what losses are included under cyber ILS deals, according to Tom Johansmeyer, Head of PCS.

To kick off our series of sponsor showcase video interviews for the Artemis ILS NYC 2022 event, held April 22nd in New York City, we spoke with Johansmeyer about the evolving cyber risk landscape, political violence and unrest around the world.

You only need to look at the riots in Kazakhstan in early January and the unstable situation in Ukraine to see that political risks are elevated right now. And in an increasingly interconnected and digital world, it’s hard to talk about political risks without mentioning cyber risks.

As the exposures evolve and increase, the need for more risk capital and new types of solutions also rises.

Johansmeyer explained that it’s “utterly doable” for these types of risks to be transferred to the capital markets in the form of a private catastrophe bond, for example, but suggested that it would be beneficial to separate the exposures.

“I do think that a cyber event of the political violence sort could occur this year. Now, what’s interesting is I want to be careful to segment cyber terrorism from cyber, right. Because they’re two different types of risk,” he said.

“I’m talking to a lot of potential ILW counterparties right now, and one of the things I’ve been emphasizing is if you’re going to do a cyber ILW, for example, build in a hard exclusion for cyber using the cross referencing of PCS cyber and terror bulletins. So, basically, do your cyber ILW – a single event affirmative – but build in the cyber event which also has a cross referenced bulletin PCS global terror, and exclude it.

“I think if we can treat losses from cyber-attacks differently from cyber losses from political violence, it makes it easier for the market to write both PV and cyber,” he explained.

With this approach, he continued, you’re at least segmenting the risks so that you’re not going to get hit twice, effectively lowering some of the correlation risk so that you can “manage the risk and gamble more easily”.

Ultimately, Johansmeyer feels that the cyber-attack vector is escalated this year, and he sees it manifesting in a number of ways, which require different approaches to risk transfer.

“One is your standard cyber-attack, right. The standard state actor or state engaged actor brings down the grid. And it’s important. So, when you look at action, I see three types: you’ve got state actor, state sponsor, and state accommodated,” said Johansmeyer.

He went on to note that most of the ransomware work seen has been state accommodated, and that the move towards state sponsored or state acted seems to be ticking upward this year, which is a concern.

“The other threat vector for state sponsored or state accommodated is information warfare or information attack, which would be the dissemination of propaganda or information designed to destabilize. That wouldn’t be cyber insured loss should it occur. More likely, you would see something manifest as SRCC where you have destabilizing propaganda pumped through a local state, folks respond to that with protest or riot. Insured loss comes from SRCC even if such activity was fomented for misinformation,” said Johansmeyer.

Hear more from Tom Johansmeyer and meet with our Headline Sponsor PCS at the upcoming Artemis ILS NYC 2022 conference in New York on April 22nd (get your ticket today).

For details and to register for the conference, visit the event website: www.artemis.bm/ils-nyc-2022/.

The full video interview is embedded below and can also be viewed in full, along with previous Artemis Live video interviews here.