ILS funds already carrying cyber risk, they’re just not getting paid for it: DeNexus
The increased digitalisation and interconnectedness of the world has altered the risk profile of portfolios, meaning that insurance-linked securities (ILS) funds are already holding cyber risk, they’re just not getting paid for the exposure, according to DeNexus, a specialist provider of software for cyber risk quantification for large industrial and critical infrastructure corporates.
Cyber risk has long been touted as a real opportunity for the ILS asset class, and with digital transformation accelerating around the world, we spoke with Jose Seara, Founder and CEO of DeNexus, about the potential for the marketplace to have a meaningful impact on this rapidly expanding line of business.
“The world has gone digital and is using the cloud, which means that the risk profile of portfolios of assets have already changed with significant business interruption (BI) risk now in the hands of third-party digital service providers,” said Seara.
“This means funds are already carrying cyber risk, but they are not getting paid for it. This significant pent-up demand for cyber risk capital becomes a major opportunity for ILS managers and investors as they seek to diversify their portfolios.”
Undoubtedly, the capital markets has a key role to play in the cyber risk transfer market given the size of the potential exposure. And with critical global issues, such as the net carbon zero ambitions, requiring true digital transformation, the cyber threat and therefore need for adequate protection is on the rise. To date, however, the ILS market hasn’t made its move.
According to Seara, technology and modelling can make cyber a more tenable part of the ILS asset class.
“We need to be confident in how this digital risk can be made visible in new, digitally-transformed complex value chains and managed in a manner that allows boards, insurers, reinsurers and alternative capital providers to have confidence in the nature of values at cyber risk, and the quality of risk where protection is being sought and provided,” said Seara.
For insurers, the aforementioned shift in the shape of risk portfolios makes the risk far more difficult to cover and is actually an existential issue for insurance and reinsurance companies, according to DeNexus.
“Fundamentally, it comes down to visibility, and understanding the risk, and for many fund managers, deal structure and pricing are seen as particularly problematic, and funds are not being offered potential transactions that either pay enough or make sense structurally.
“Furthermore, there is a sense that quantification models are not considered as reliable in cyber as they are for property catastrophe transactions. However, this view of models is an urban myth, and it is getting in the way of the first significant and repeatable trades,” explained Seara.
For fund managers and investors that are looking to cyber as a possible class of business to enter, Seara stressed that first, it’s important to look beyond the urban myth surrounding cyber risk quantification models.
“Second generation platforms like DeNexus DeRISK are driven by real time inside-sourced operational data in addition to outside-in threat intel and contextual data, that in certain sectors like power critical infrastructure systems or subsectors like renewables, provide a globally-significant and material data block. This is synthesised with a clear view of catastrophic risk scenarios for very similar buckets of risks to generate credible and auditable values at risk within enterprise, portfolios, sectors, and industry and sub-industry verticals. In turn, the parameters of catastrophe that shape the model of not yet seen catastrophic events are transparent and auditable,” said Seara.
“Secondly, ensure that you engage with partners who bring meaningful risk portfolios that have been quantified to an auditable standard and are known to be good quality risks to the transaction. In addition, ensure that they use a lead reinsurer that is highly knowledgeable about the sector of interest – such as renewables – and that they are established in the cyber market,” Seara added.
It’s also important for both ILS fund managers and interested investors to focus on the development of deal structures that address a mechanism for efficient capital release, as well as the long-tail nature of cyber risk, and the lack of expected liquidity, said Seara.
“Finally, it’s hard to see so much demand for a cover that is so broadly needed to go unaddressed for too long. This leads to recognition of an important market dynamic that is helping to stimulate the entry of cyber reinsurance risk into the ILS sector: that is the lack of access for reinsurers to retro. Filling this gap is a critical opportunity for the ILS funds.”