The enhancement of the PCS Global Cyber Index to include cyber catastrophe is in response to client demand, and is another positive step in helping the international risk transfer industry both understand and address the growing cyber threat.
PCS Global Cyber, a loss aggregation service that offers industry loss estimates for individual affirmative global cyber events, launched in September of last year, and following the addition of cyber catastrophe to the original loss database, Artemis spoke with Tom Johansmeyer, Co-Head of PCS Strategy & Development, ISO.
“Our entry into cyber was always meant to be just that, an entry. From the start, we had plans to work immediately on our first enhancement, and that’s what we’ve launched recently. Our first major enhancement to PCS Global Cyber is cyber catastrophe.
“Our clients asked us to do it specifically. The global reinsurance market wanted an independent source of cyber loss estimates, and they made it very clear that they wanted PCS to be that source. And on top of that, they wanted the same for cyber catastrophe,” said Johansmeyer.
Where the first iteration of its Global Cyber Index consisted of affirmative cyber risk losses of at least $20 million, Johansmeyer explained that with cyber catastrophe, it is somewhat different.
“Here, we report on events caused by cyber that can affect any line of business, such as property, errors and omissions (E&O), and kidnap and ransom (K&R). The event must have at least two original insureds affected, and the scope is worldwide. So, our bulletins have a cyber catastrophe code, just like you’d find for a hurricane or earthquake in the United States or Canada. Then, you’ll see an industry loss estimate for affirmative cyber and one for silent cyber,” he explained.
Silent cyber risks can be thought of as catastrophic losses from cyber-attacks on policies that don’t actually state if a cyber-attack is covered or excluded, as seen with the Petya/NotPetya cyber-attack in 2017.
PCS provided estimates for insurance industry losses from the malware cyber-attack, its second loss estimate through its Global Cyber service, and Johansmeyer explained that the historical event set for its cyber catastrophe addition includes the Petya/NotPetya attack.
“So far, we only have an estimate for Petya/NotPetya. The US$250 million threshold for cyber catastrophe does set the bar pretty high, which excludes any prior events for at least five years. Also, we decided to focus on Petya/NotPetya because it’s directly relevant. In addition to being recent, it shows some of the important issues, such as clash, that make cyber risk such a concern in the market.
“Everyone knows the big loss from that event—it’s all anyone can talk about in both cyber and property. The Merck loss is estimated to be more than half of the overall insured loss estimate for the entire event. If you were on both the cyber and property programmes, then you’re really feeling the sting of Petya/NotPetya. And even if you’re just on the property programme, you’ve just been pummelled with a cyber loss that you didn’t think you were exposed to,” said Johansmeyer.
Prior to the Petya/NotPetya attack hitting large property programmes across the world, much of the speculation in the marketplace focused on liability being the major silent cyber threat, explained Johansmeyer.
“I guess you could say this one was truly ‘silent’, as an unexpected line of business was affected—even beyond the unexpected nature of the threat,” he said.
Looking forward, Johansmeyer told Artemis that for now, PCS Global Cyber is focused on helping the insurance, reinsurance and ILS market understand the latest iteration of its solution, which starts with its “rapidly growing user base.”
“In the first year, we added a fairly large number of clients, and we still need to work through our pipeline to continue to get the market engaged. Along with this, of course, we’re continually working with our clients to figure out effective ways to use PCS Global Cyber in ILWs, for which the market appetite is clear. That said, we always love hearing new ideas from the reinsurance and ILS community.”