The massive exposures from cyber risk will eventually need to be dealt with by the insurance and reinsurance market with a hybrid approach, creating reinsurance products that leverage both traditional and capital market or ILS practices, according to PwC.
In a report released today, PwC discusses the enormous potential of the cyber insurance market, a market that the consultancy expects will grow to $5 billion in annual premiums by 2018 and at least $7.5 billion by the end of this decade.
The report, titled ‘Insurance 2020 & beyond: Reaping the dividends of cyber resilience‘ and announced at the Monte Carlo Reinsurance Rendezvous, reveals the huge exposure and potential costs associated with cyber risks and discusses the potential for the insurance, reinsurance and insurance-linked securities (ILS) market to develop products to help mitigate cyber risk exposures financially.
“Paul Delbridge, insurance partner at PwC, explained; “Given the high costs of coverage, the limits imposed, the tight terms and conditions and the restrictions on whether policyholders can claim, many policyholders are questioning whether their policies are delivering real value. There is also a real possibility that overly onerous terms and conditions could invite regulatory action or litigation against insurers.
“As Boards become increasingly focused on the need for safeguards against the most damaging cyber attacks, insurers will find their clients questioning how much real value is offered in their current policies. If insurers continue to simply rely on tight blanket policy restrictions and conservative pricing strategies to cushion the uncertainty, they are at serious risk of missing this rare market opportunity to secure high margins in a soft market. If the industry takes too long to innovate, there is a real risk that a disruptor will move in and corner the market with aggressive pricing and more favourable terms.”
The report addresses not just the opportunity presented by cyber risk, for underwriters with the skills and expertise to address the risk, but also how the market needs to respond in order to ensure the large amounts of capacity are there and how reinsurance capacity will be required to support cyber risk insurers.
One of the key recommendations is for hybrid risk transfer structures, capable of providing the risk capital required for such a massive exposure.
PwC notes that the cyber reinsurance market is currently less developed than the primary direct market for cyber risk, but says that as the understanding of the threats and maximum loss scenarios improves reinsurance firms could be encouraged to enter this market.
However PwC recommends that a hybrid approach is taken, between the traditional and alternative reinsurance markets, leveraging the best of the traditional reinsurance product where it is most suited and making use of the capital markets and ILS structures where they can play an important role.
“Risk transfer structures are likely to include traditional excess of loss reinsurance in the lower layers, with capital market structures being developed for peak losses,” PwC explains.
We’ve detailed this approach previously, that certain layers of the exposure are likely most suited to the ILS markets, if they can be parameterised and structured into transactions where the risk can be almost segregated to enable investors in the capital market to understand them.
PwC continues, saying; “Possible options might include indemnity or industry loss warranty structures, and/or some form of contingent capital.”
Certainly, once a cyber insurance market is established an industry loss warranty (ILW) product would be a great mechanism to enable the capital markets and ILS investors to take the top layers of exposure away from the traditional players.
Similarly, any other types of indices that could be created to enable cyber risk to be parameterised and better understood, could allow for capital market risk transfer structures to be used to transfer the peak risks to investors.
A natural development of this would be to see the risk securitized into catastrophe bonds, with an industry-loss or parametric index trigger. A modelled-loss trigger may also be possible, once the levels of data and exposure are better understood.
“Such capital market structures could prove appealing to investors looking for diversification and yield,” PwC notes.
If the risk is parameterised and understood to a degree that investors are happy to take it on, the diversification opportunity if clear. Cyber risk presents a true diversification for ILS investment managers, ILS funds and direct investors such as pension funds or family offices. As such any development of hybrid risk transfer using capital markets money would be an attractive prospect.
As most investors and ILS managers won’t have the experience in cyber risk necessary to understand and underwrite it, it will be vital that relationships are built with traditional insurance or reinsurance players, as well as with technology and cyber security providers.
PwC explains; “Fund managers and investment banks can bring in expertise from reinsurers and/or technology companies to develop appropriate evaluation techniques.”
One of the potential ways that a cyber cat bond or ILS solution could be seen to emerge is through partnership with cyber security firms. These firms understand their products, their clients and the penetration or hack-rate, meaning that if they choose to buy protection the data may be available to enable a capital market solution to be developed.
Cyber risk insurance is one line of business where ILS and the capital markets could potentially find itself directly providing risk transfer to corporates, particularly the very large cyber security technology providers of the world.
PwC highlights the need for a risk facilitator to emerge:
Given the ever more complex and uncertain loss drivers surrounding cyber risk, there is a growing need for coordinated risk management solutions that bring together a range of stakeholders, including corporations, insurance/reinsurance companies, capital markets and policymakers.
Some form of risk facilitator, possibly the broker, will be needed to bring the parties together and lead the development of effective solutions, including the standards for cyber insurance that many governments are keen to introduce.
The facilitator may come from the technology side, enabling the insurance, reinsurance and capital markets or ILS players to better understand the risks, the exposure, the potential magnitude of losses, making creation of these hybrid risk transfer structures more feasible in the future.
An interesting prospect for both the traditional re/insurance and ILS markets and one where cooperation, rather than competition, may be seen as vital as the cyber insurance market develops.