This year feels like a watershed moment for the cyber insurance-linked securities (ILS) market, with tangible advances in use of ILS capital to support cyber risk underwriting, while cyber models have reached a level of maturity that promises there is much more to come, Brittany Baker of CyberCube told Artemis.
Speaking with Artemis in a recent interview around the Monte Carlo Rendez-Vous event, Brittany Baker, VP of Solution Consulting, CyberCube explained why things have changed for the better in cyber and as a result the potential for increasing levels of cyber ILS activity now holds real promise.
Baker explained that, “Cyber models have hit a level of maturity that are now allowing the insurance industry to expand both the reinsurance structures available and also be considered by the ILS market in earnest.
“While previously more straightforward structures were dominant due to the lack of modeling credibility, we saw 2023 kick off with the announcement of the first cyber cat bond sponsored by Beazley as well as a retrocession quota share by Hannover Re.”
Baker said that what has really changed to stimulate this wave of cyber ILS activity, is improvements in models and the market’s understanding of them.
She noted that “the reflection of true exposure, transparency, and validation” has helped to increase acceptance and understanding of cyber risk in the ILS investor community.
Baker explained, “Previously model inputs may not have been granular enough for sponsors to feel confident that their true cyber exposures were being represented in model outputs. One of the ways this has changed over the years is in the increased granularity in the terms and conditions that are included, for example: extortion sublimits and business interruption waiting periods. Another is having confidence that models reflect the true network architecture of their insureds across the book of business.
“While certain software supply chains such as operational technology are quite hard to observe, there are increasingly very good data sets that detail known enterprise dependencies for technology like cloud service provider usage. Models that are able to exploit this data fully and make adjustments where that data is lacking have given the market more confidence that uncertainty in potential event footprint is being minimized to the extent possible.”
Baker went on to say that cyber risk modelling firms, like CyberCube, are embracing transparency in order to provide the clarity into methodologies used and the underlying risks that both the traditional reinsurance market and ILS investors need.
“Transparency in model methodology is key to acceptance from not only the (re)insurance carriers but also in fostering the development cyber ILS market. In order to increase adoption modelers have become increasingly more open about their data, methodology, and the limitations of their models. Cyber expertise is still being built across the value chain but leaning in on the similarities of systemic cyber modeling frameworks with those of nat cat modeling while being as transparent as possible has helped cyber models garner the interest and initial trust of the ILS community,” Baker told us.
Adding that, “No one benefits from a black box, but the entire cyber insurance industry has a lot to gain from the growth that even a fledgling cyber ILS market can help support.”
In delivering what ILS investors have needed to gain comfort in modellers abilities, when it comes to cyber risks, Baker said that validating model output has been an important step.
“It’s true that we do not yet have a robust history of systemic cyber events to validate these models in the same manner as is done for other insurance models. However, there are validation exercises that can and should be done now. Breaking down the separate modules of systemic cyber models into event definition or narrative, frequency, footprint, and severity can greatly expand the universe of real-world data that is available for these exercises as they allow for non-systemic events and near misses to become relevant and informative,” she explained to in our interview.
Closing to say that, “This has been key for potential investors in the cyber ILS space who want to see evidence that cyber modeling is robust enough for their purposes.”