Many insurance-linked securities (ILS) investors remain hesitant about allocating capital to cyber insurance and reinsurance risks, which leads rating agency S&P Global to suggest growth of a cyber ILS market will likely be slow in the short to medium term.
With market conditions for insurance-linked securities (ILS) investors seen as improving after several difficult years of natural catastrophe loss events, S&P notes that cyber ILS could be seen as one big opportunity right now.
The cyber insurance market is facing rising demand for protection from end customers, but the capacity offered in the cyber insurance and importantly cyber reinsurance (and retrocession) market is not keeping pace so far.
This is leading to a cyber risk protection gap, S&P Global Ratings believes, something that could be an opportunity for the insurance-linked securities (ILS) market.
“In our view, the cyber insurance market now presents an opportunity for ILS investors to gain exposure to cyber risks in the same way they did with natural catastrophe risks in the nineties following Hurricane Andrew in 1992,” S&P Global Ratings credit analyst Manuel Adam explained.
But while there is a clear opportunity, as we’ve reported many times over the years, the lack of cyber reinsurance and cyber retrocession has been making it hard for cyber insurance underwriters to significantly increase their underwriting, leading to a dearth of capacity and an inability to meet client demand for cyber risk protection.
But while cyber ILS and cyber catastrophe bonds have been a constant source of discussion and we’re aware of a number of ongoing initiatives to issue cyber ILS instruments, as well as some smaller private cyber ILS transactions, the growth of a cyber ILS market has been slow so far, something S&P believe will continue to be the case.
“So far, ILS investors have not shown much interest, and we believe that growth in cyber ILS will be slow in the short-to-medium term,” Adam said.
S&P gives a number of reasons for the hesitant response of ILS investors to the cyber risk opportunity.
First and perhaps a more acute reason for any hesitance at this time when recent years of catastrophe and secondary peril losses are so fresh in the memory, ILS investors “have learned the hard way that they can be exposed to perils that they had not fully modeled and/or priced for,” S&P said.
Secondary perils are seen to have increased in frequency, and driven higher aggregate losses than investors had expected, S&P explained.
As cyber risks are not limited by region and can easily spread globally, this has the potential to expose investors to accumulation risk and related losses, which heightens reticence to allocate capital to cyber ILS for some.
A second reason of hesitance is the greater potential for correlation to occur with cyber risk exposures.
The typical ILS market focus on natural disaster risk as the underlying exposure means that ILS investments typically offer diversification and real returns that are mostly independent of the capital markets, S&P highlights.
A major cyber loss event could actually trigger a decline or volatility in stock and bond market values, or be highly-correlated to them, so this means that cyber ILS would likely have a higher correlation with the capital markets.
On top of this and also causing hesitance among ILS investors, cyber risks can be extremely complex and risk transfer transactions exposed to cyber can be too.
“Complex transactions are likely to fail,” S&P believes, saying that, “A more simplified approach, starting with only one defined cyber peril, such as a cloud outage, a service provider outage, or an attack on critical infrastructure, instead of multi-peril agreements, will help investors better understand the underlying risk, and, as a result, quantify their risk exposure.”
S&P continued to explain in its report on the matter, “One way of attracting ILS investors to the cyber insurance space could be to offer different underlying cyber risks that could improve the diversification profile of ILS funds.
“Another way could be to focus on simplified and affirmative cyber transactions with clear peril definitions, and establish ILW products that have a cyber industry loss index trigger. This more cautious approach would help investors improve their understanding of cyber tail risk.”
In addition, the rating agency calls for having multiple entry points for investors to try out their appetite for cyber risk in ILS form, which would also offer additional risk transfer options for cedents.
“Having more entry points for investors and opportunities for (re)insurers to transfer specific and clearly defined risks to the capital market could help to sustain the cyber insurance value chain,” S&P said.
Feedback from ILS fund managers suggests that investor appetite for cyber risk in ILS form is “rather limited and varies heavily,” S&P explained.
Adding that, “Some investors have even said they have no appetite for cyber risks at all. That is mainly due to the substantial accumulation risk, the potential positive correlation between cyber attacks and the financial markets, and the complexity and heterogeneity of cyber risks.”
The fact cyber risk models are still in their infancy, when compared to catastrophe risk models, is also hindering development of a cyber ILS market, but S&P notes that information about cyber-related claims and response strategies is growing.
Because of all this, S&P believes, “The cyber ILS space will grow rather slowly and is likely to remain niche in the short-to-medium term.”
But the rating agency sees scope for market development in more simplified, single cyber peril transactions, such as parametric triggers, or with a focus on shorter-tailed risks, event-based covers that can be clearly defined (such as cloud outage), or in instruments like industry-loss warranties (ILW’s) using a trigger that has been robustly defined and is supported by a recognised third-party, such as a PCS.
One positive development in cyber reinsurance that could help to attract ILS investors in time is the shift to claims-made structures, over risk-attaching.
ILS investors want to know that they are only on the hook for losses during the lifetime of a risk transfer contract, hence the preference for excess-of-loss reinsurance structures.
As the cyber risk transfer market moves in this direction, it could open up the doors for more capital market opportunities, given the shortening of the cyber tail exposure.
Our upcoming ILS conference in London will feature a panel discussion on the potential for cyber catastrophe bonds and a keynote on the readiness of cyber risk models for ILS.Tickets are still available here.