Reinsurers examining alternative ways to insure cyber

Cyber Liability Insurance Data Cover 3d Illustration Shows Internet Fraud Insurers Giving Risk Coverage

Cyber may be one of the fastest-growing lines of insurance business in both Canada and abroad, but it’s associated with global systemic issues, and reinsurers are pondering how to raise additional capital to help cover the potentially huge demand for capacity.

“In the cyber line of business, to respond to the needs of the market, we need to reach out to the capital markets and try to get additional capacity from the capital markets,” Jean-Jacques Henchoz, CEO of Hannover Re, suggested at the National Insurance Conference of Canada in Montreal last week. “But it’ll take a bit of time until we have cyber Cat bonds. I think this is the next frontier.”

During the pandemic, the cyber market hardened considerably, as cyber losses on the primary side spiked due in part to ransomware attacks following remote work. In Canada, cyber loss ratios went as high as 498.9% in the first half of 2020, meaning cyber insurers were paying almost $5 in claims losses for every dollar they received in premium.

Insurers responded by increasing rates and restricting terms and conditions on cyber policies. The moves resulted in a cyber net loss ratio of negative-48% in Canada after reserve releases in 2022.

But with the cyber market stabilizing, reinsurers are wary about signs of market softening in the cyber line.

“With cyber, what we’re seeing is a resurgence of the ransomware,” NICC panellist Kathleen Reardon, CEO of Hiscox Re & ILS said. “And some of the traditional underwriters, their discipline is waning a little bit. We also have a lot of inconsistency on the war coverage. We just need to clean that up. We’re a significant cyber reinsurance underwriter and these are things we’re going to look at upon renewal.

See also  Role-Reversals: How can Group & Voluntary Benefits Insurers Prepare for Today’s “Improv” Employee Benefits Markets?

“I do understand that the Canadian market is more interested in buying some non-proportional cyber and that’s certainly something we want to be there for. But [we need to] figure out the systemic risk, making sure the underlying conditions are strong.”

Reardon said she sits on the board of trustees of her alma mater. Recently, the board was examining its cyber policy coverage. “It was a significant rate decrease and a reduction of the attachment point,” she said. “So I sit in the room with multiple hats on. [As a reinsurer], it was really concerning.”

For reinsurers, one of the main concerns is to quantify the global systemic cyber risk. Munich Re projects the global costs are expected to surge over the next five years, rising from $8.44 trillion US in 2022 to approximately $11 trillion US in 2023, and potentially reaching approximately $24 trillion US by 2027.

And as the world becomes more digitized, the attack vectors for cybercriminals increases as well.

“Future cyberattacks will be increasingly accelerated by key technology trends such as artificial intelligence like ChatGPT, the so-called ‘metaverse’ and the expanding worlds of IT, Internet of Things (IoT) and operational technology (OT),” Munich Re states in its report, Cyber insurance: Risks and trends 2023. “All these converging technologies offer great opportunities for society, businesses and governments, though new attack surfaces, vulnerabilities and systemic risks will continue to emerge at the same time.”

Related: Why one cyber expert believes cyber insurance is in a good place right now

The issue for the industry is how to limit its exposure to cyber risk on a global scale.

See also  Understanding the Importance of Trench Safety 

“I think there’s a huge desire to continue to grow and build that market,” said David Priebe, chairman of reinsurance broker Guy Carpenter, and moderator of an NICC panel on reinsurance. “But because it’s a globally systemic risk, you, managing the risk of capital might say, “This is the maximum I can take on.’

“And then the question is, ‘Do we need some umbrella over the top to provide that ultimate protection?’”

That raises the question of where the capacity for such an umbrella might be found. Henchoz suggested cyber insurance bonds might be an option in the future. Others on the panel discussed whether there’s an appetite for setting up a public-private partnership to establish a cyber backstop. Canadian P&C insurers have called for a public-private partnership with the federal government to create a government backstop that would limit the private insurers’ exposure to massive earthquake and frequent flood events, for example.

But so far, Ken Brandt, chairman, president and CEO of TransRe, observed, there has not been such a call for a government backstop for cyber risk.

“It’s not like our industry is clamoring for a government solution for cyber,” said Brandt. “The market is working very hard on the systemic issue….Cyber is very interesting, it’s the fastest-growing product line and has unique challenges.”

 

Feature image courtesy of iStock.com/stuartmiles99