The type of cyberattack as seen recently on domain name system (DNS) provider Dyn are expected to become more commonplace, but this scenario highlights how reinsurance and capital markets can assist with the adaptability of cyber insurance as a means of transferring such risk, according to Rick Welsh.
DNS provider Dyn was recently the victim of a Distributed Denial of Service (DDoS) cyberattack, which is an attempt to disrupt an online service, ultimately making it unavailable by directing an overwhelming volume of traffic to the service from a range of sources.
For the insurance, reinsurance, and insurance-linked securities (ILS) markets cyber is seen as one of the great opportunities for revenue, growth, and diversification, but modelling difficulties and the complex and interconnected nature of cyber threats has provided the risk transfer world with a number of challenges.
Speaking to Artemis, Rick Welsh, Chief Executive Officer (CEO) of data and analytics company Sciemus Ltd., underlined the potential for the capital markets and reinsurance to play a part at innovating and adapting tools for cyberattacks such as this.
“In discussions we have had with capital markets, they understand that this is a logical extension to cyber insurance risk transfer rather than premature commoditisation of a nascent product. Reinsurers are looking for diversified risk, and we, as insurers, are looking for uncorrelated risk that can be modelled and is underpinned by the notion of fortuity.
“We believe that the non-traditional insurance market – loosely, reinsurers and funds looking to move closer to risk origination – can help to strengthen the adaptability of cyber insurance as a tool to transfer enterprise risk. Regulators are increasingly looking to ensure the industry is cauterised against systemic and catastrophic loss and for that to happen, event and aggregation methodology must be combined in the way that capital markets are looking to do,” said Welsh.
The cyberattack on Dyn highlights how interconnected businesses and services are through the Internet of Things. The attack disrupted Twitter, Spotify, The New York Times, and also could-hosting service Amazon Web Services, among others, reveals an article on website Politico.com.
The article concludes that the attack on Dyn shows how inherently fragile the Internet is, and that components and devices that make up the Internet of Things are “dangerously insecure,” a notion that supports the need for adequate and available risk transfer solutions.
Welsh expects that attacks such as these, which utilise these types of vectors to attack certain points within the Internet infrastructure, “will seemingly become more commonplace,” but stresses that the reinsurance and capital markets are in a good position to influence the cyber insurance market and bring solutions to the table.
“Given the relative low-cost and ubiquity of the “pay to play” malware business model, the reinsurance market is uniquely placed to help create cyber coverage which concurrently acts as a firebreak against cyber cat exposures such as these whilst providing a natural hedge against cyber loss aggregation.
“All of the constituent parts are available to reinsurers for cyber cat products that are normally pre-requisites for securitised property cat or terrorism risk; clear, discernible and accepted event triggers, modelled event exposure and independent loss arbiters,” said Welsh.
The potential scale of the cyber insurance market is staggering and as attacks continue to take place around the world and technology advances, the understanding of cyber risk will increasingly be demystified as the re/insurance industry works more closely with the security community. Ultimately, this should help to build the confidence and comfort of insurers, reinsurers, ILS funds and investors to operate in the space in a much more meaningful way.
Highlighting the potential severity and increased frequency of cyber attacks, and also the varied nature of cyberattacks from DDoS threats to ransomware attacks, for example, Beazley recently produced a report that claims ransomware attacks are set to quadruple in 2016.
So there really is need to develop solutions that utilise the capital markets and reinsurance to transfer a range of cyber insurance risks.
Welsh also stressed that with collaboration and dedication between the right partners, it’s possible in the very near-term to develop tradable cyber risk via a loss index.
“The loss window is short, as it was here in the Dyn scenario and therefore, the tail is minimised. Cyber risk is not by definition or even necessity, a long tail class when threat vectors and loss characteristics are properly understood,” explained Welsh.
With innovation, collaboration, dedication and advances with tech and modelling there is clearly scope for reinsurance and ILS to play a role in the cyber risk transfer space, and as the market matures it will be interesting to see what part the capital markets and reinsurance sector plays in the evolution of the cyber insurance space.