Data loss from cyber breaches to corporations currently lead the insurance and reinsurance industry’s exposure to cyber risks, according to risk modeller RMS, but in the future there is the potential for cyber catastrophes of a systemic scale, the company’s research shows.
In announcing the launch of an update to its RMS Cyber Accumulation Management System, RMS said that cyber breaches are the leading cause of loss currently and its analysis shows that if all U.S. businesses had cyber insurance cover, more than $5 billion of insured loss would be suffered each year just because of what RMS terms cyber data exfiltration.
“In only fifteen months since we launched the RMS Cyber Accumulation Management System, we’ve seen the cyber risk landscape change dramatically and version 2.0 of the system reflects those changes,” explained RMS senior vice president, Dr. Andrew Coburn.
“For example, we’ve seen the largest ever data breaches, denial of service attacks, and attempted financial thefts. Data breaches can cost companies hundreds of millions of dollars, and our modeling shows the overall insurable loss across U.S. businesses from data exfiltration is running at over $5 billion a year,” said Coburn continued.
But the future could look much darker for insurance and reinsurance exposures to cyber risk, as physical damage from so-called silent cyber risk exposures that are in re/insurance covers but that re/insurers may not be aware of and the potential for systemic level catastrophic cyber risk losses are both apparent in RMS’ opinion.
Coburn said; “The past year has also demonstrated the potential for future systemic cyber catastrophes, for which overall losses would far exceed $5 billion, and version 2.0 has the capacity to model this risk.”
The silent exposures that are embedded in non-cyber insurance or reinsurance lines of business such as commercial and residential property, industrial facilities, upstream energy, and marine, are all areas that the insurance-linked securities (ILS) market could be gaining some exposure to.
As the ILS fund market has expanded its remit to access more retail type property, largely of the commercial variety, ILS managers are taking on some exposure to property perils other than pure natural catastrophe, with explosion, fire, sprinkler leakage and other losses all having the potential to be impacted by a cyber attack.
That means ILS funds that have expanded into these risks could be carrying silent cyber exposures within their portfolios, which in many cases will not be clear to investors.
The lack of cyber risk models remains an issue, and while RMS and others are making impressive steps to put tools in place to help insurers, reinsurers and ILS managers better understand their exposures, these efforts really remain in their infancy with much work left to do.
The physical damage possible through a cyber attack, which could hit property portfolios of insurance or reinsurance, is just one way to cyber risk could be seeping into the ILS fund market.
The systemic cyber catastrophe is another, as an event of significant scale could trigger widespread property damage that would hit lines of business which are typically considered cyber risk free.
Many insurance and reinsurance policies now exclude cyber risks, but the market remains awash in policies and reinsurance arrangements which do not exclude cyber sufficiently to prevent difficult claims and possible losses.
Cyber risk is so all-pervasive that it will, in time, become essential for an ILS fund that underwrites any type of property insurance, energy facility, industrial, marine or other specialty exposures (space, satellite risks etc) to assess and understand how cyber risk losses could impact those portfolios.
The cyber insurance market remains young and the coverage often restrictive due to terms, narrow, or even inadequate. However the breadth and amount of cyber risk in reinsurance markets is much larger than the specific policies alone would belie.
Add to this the fact that cyber insurance coverage is becoming more all-encompassing and broader and this makes understanding silent cyber risks and the systemic or catastrophic future cyber scenarios increasingly important.
We often discuss the potential for the capital markets and ILS funds to provide cyber insurance, reinsurance and risk transfer solutions, but in time these markets may require ways to also hedge the cyber risks already seeping into their portfolios.
The ILS and capital markets future is not just in providing risk capital to protect against growing cyber risks, but it will also be in dealing with the silent cyber risks it absorbs.
Join Artemis in Singapore on July 13th 2017 for ILS Asia, tickets on sale here