Article by Kalle Pohls

I don’t think we or anybody else really knows what they’re doing when writing cyber.

Information technology is widely seen as a major contributor to the growth of the global economy during the past decades. For example, business productivity, democratised information (alongside the emergence of fake news) and various other impacts caused by the digital revolution during the past two decades. These are known facts but come with a cost – dependency on the technological infrastructure. Increasingly material cyber risk, with a common definition still developing, splits into various components. These include malicious and non-malicious intent and covered objects such as intangible and tangible assets.

Yes – the insurance market for cyber insurance exists. Increasing demand for cyber risk transfer and services as well as product development are making cyber insurance a fast-evolving marketplace.

Carrying cyber risk

In addition to the insurers’ balance sheets and underwriting excellence, the cyber marketplace is supported by reinsurance and modelling of the aggregation of the risk on both portfolio and individual risk level. Reinsurers offer crucial back-up which enables insurers to provide cover and services to insureds while managing their balance sheet against both loss frequency and severity – as well as against a potential cyber catastrophe, which still remains to be seen.

The key functions of an effective cyber reinsurance market from the insurers’ point-of-view are risk transfer, knowledge sharing and portfolio management. In the current financial world, the reinsurance market has been attracting new capacity year-on-year and cyber already has a freshly established role and underwriting community besides the conventional lines of reinsurance.

Warren Buffet of Berkshire Hatha­way wrote in his annual letter to shareholders that there is a 2% risk of a $400 billion “super-cat” global cyber insurance disaster. Cyber is now akin to hurricanes, wildfires and earthquakes, carrying a similar level of risk. Despite the risk, many reinsurers, and insurers alike, are committed to providing services to the market.

Cyber insurance landscape

What makes the cyber insurance landscape slightly different – besides its accumulative nature – is the limited loss history and understanding of the pattern and nature of the losses. Compared to e.g. property covers, where hundreds of years of loss data is in some cases available, the reinsurance market views cyber as a relatively new source of losses.

On top of the intellectual and experience development, cyber market is also seeing a collateral-impact derived from ‘conventional’ development e.g. from the COVID-19 implications for the markets. Risk Consulting Magazine (Issue: 02/2020, p.5) discussed the supply chains affected by COVID-19 but relevant parallels of a globally contributing, hardly modellable and far-from managea­ble factor can be found.

The key alternatives for an insurer to reinsure its participation into the cyber insurance market are non-proportional and proportional reinsurance. Proportional relates to a model where the reinsurer and insurer share the risks with agreed split (such as for example 50% of each and every loss) from ground up whereas non-proportional refers to a type of reinsurance where the reinsured retains a loss of certain amount and the reinsurer agrees to pay for losses exceeding the amount.

The proportional reinsurance has been the dominant instrument in the genesis of the cyber reinsurance marketplace. As the exposure modelling capabilities are still developing, it has been considered fair to share the risk from the ground up.

Understanding the risks

Insurers and reinsurers share an interest in better understanding the exposure in order to design products, underwrite the risk transfer and ensure appropriate capital for the portfolio of risks. Combining the knowledge of the reinsurers and insurers benefits the policyholders as pricing becomes more accurate and insurance market solvency is secured in case of a grand cyber catastrophe.

The cyber loss modelling market has developed tremendously over the past years but still lacks consensus (as e.g. CAT modelling has gained) in forecasting, for example, 1-in-200-year losses. Various suppliers are working globally to put together sophisticated views on the market and portfolio loss potentials.

The methodology combines probabilistic and deterministic approaches in order for the insurers to prepare and allocate capital for the losses – whether frequency or severity in nature. Eventually the development radiates into the direct cyber insurance marketplace, by enabling insurers to help their customers by offering increased capacities and services.

Warren Buffet has a very fair concern: caution is needed when dealing with a ‘new’ exposure and with limited loss history. However, over the past years there have already been significant developments in the amount of reinsurance capacity available in the market.

Furthermore, a substantial amount of information and knowledge is available - most importantly on the sophistication of the loss / accumulation modelling - which has helped insurers in preparing and alleviating the cyber risk with better coverage and services, more capacity and more accurate, predictable pricing for the risk. 

  • Risk Consulting 3/2020

    There are several articles that might interest you in the Risk Consulting 3/2020, Cyber issue . Did you already read them all?

    All articles in Risk Consulting 3/2020
  • cover page of risk consulting magazine

    Not yet a subscriber?

    Risk Consulting is If’s professional magazine on risk management and loss prevention, and is one of the oldest client magazines in the Nordic countries.

    Risk Consulting is also available in print.

    Subscribe to Risk Consulting