Reinsurers are aware they must constantly invent new solutions in order to stay relevant for their clients. Yet, they admit they are sometimes challenged to close the protection gap for new and emerging risks such as cyber.
Cyber is actually an emerged risk because insurers and reinsurers started underwriting policies more than 20 years ago, but it still represents only a fraction of global property and casualty premiums. Nevertheless, the growth prospects for the sector are massive as the awareness of cyber risk rises.
Underwriters just need to proceed with caution, agreed reinsurers and rating agencies attending last month’s Rendez-Vous de Septembre (RVS).
Robert DeRose, senior director at AM Best, commented on the growth opportunities that do exist in the cyber market. “I think that the majority of the players are being quite cautious and are approaching that possibility in a judicious manner,” he said during a market briefing at the RVS. But, he noted, there are others who are writing the business for the purposes of gaining market share.
“The modeling in this area is still very, very primitive and…who knows when there’s going to be an event. But if there were an event of a material size, those who were not approaching [the risk] with some degree of caution could be burned quite badly.”
“This is actually an emerged risk where the needs of the clients really outpace the supply,” said Jean-Paul Conoscente, CEO of SCOR Global P&C, during a press conference at the RVS.
He said SCOR’s risk appetite remains cautious for two reasons. First, the company’s risk assessment capabilities are still maturing, which makes it difficult to assess accumulations. Second, he added, non-affirmative, or silent cyber, is “still very present and hard to quantify.”
“As a result, we prefer to be more cautious until that problem is solved.” Silent cyber is a big issue that the industry is trying to tackle, he confirmed.
Aon defines silent cyber as the unknown exposure in an insurer’s portfolio created by a cyber peril that has not been explicitly excluded. “Any policy that has no explicit exclusion for cyber incidents could be exposed, including products such as business interruption, marine, aviation or transport,” said a report published by S&P Global Ratings titled “Global Reinsurance Highlights 2019.”
The potential for accumulation should be a major concern for insurers and reinsurers, said Edouard Schmid, chairman of Swiss Re Institute and group chief underwriting offer, in an interview.
“Even more than a natural catastrophe, it’s a risk that has the potential to accumulate,” he said. “A big cloud outage could affect many, many policies at the same time, which wouldn’t be limited in a geographic scope like a typhoon or an earthquake.”
That’s why accumulation identification and management are key for insurers and reinsurers “so they know what they’re actually exposed to and can deploy their capacity in a managed way.”
In January 2018, Lloyd’s published a report analyzing the financial impact of an extreme cyber incident involving a major cloud provider that was forced offline in the U.S. for three to six says. Lloyd’s said it would result in economic losses of $15 billion with up to $3 billion in insured losses…