Reinsurance broker Guy Carpenter has said that, while insurance-linked securities (ILS) investors and ILS funds fear financial market correlation emerging after a widespread cyber attack event, they shouldn’t fear the risk of a “double-whammy” from the risk side and their investments in other asset classes.
The broker said it wants to “address ILS investors’ concerns around the “double-whammy” situation and to provide investors and the broader insurance community with the data-driven support to make an informed decision about capacity deployment.”
Guy Carpenter explains, “There is a long-held skepticism among the investment community that when a systemic cyber catastrophe event happens, it would result in a wide-ranging stock market downturn, since such an attack tends to be indiscriminate, and its victims would span across the entire economy. Many ILS funds are reluctant to deploy capital in cyber transactions for the fear of a “double-whammy” situation in the immediate aftermath of a widespread cyber attack.”
So, it has undertaken an analysis of stock market performance in the face of major cyber attacks and cyber loss events, finding that the correlation is not any worse than we see with natural catastrophe events, such as hurricanes.
The study serves to “demonstrate the lack of a clear connection between any observable historical cyber events and a stock market downturn,” Guy Carpenter said.
The broker’s team analysed 14 major cyber events that took place between January 1st 2000 and the present day, covering four types:
- Mass breach or vulnerability events, including Solarwinds and NotPetya
- Mass service outages, including the 2011 Amazon Web Services and the 2016 Dyn DDoS attacks
- Critical infrastructure compromises, including Colonial Pipeline and Saudi Aramco
- Financial market compromises, including 2010 Nasdaq breaches and the recent ION ransomware attack
They conducted a statistical analysis against the performance of the S&P 500, assessing the distribution of market returns in the immediate and near term aftermath of the 14 historical cyber events.
None of the events had a significant impact on distribution of market returns, with all falling “within the random noise in the market”, the research analysis found.
The analysts also looked at the Chicago Board of Exchange (CBOE) Volatility Index (VIX), finding that none of the 14 cyber loss events “led to meaningful rises or shifts in the VIX.”
The reason for undertaking the study is to help the ILS market, investors and ILS fund managers, gain greater comfort with deploying capacity to back cyber catastrophe bonds and cyber ILS instruments.
With the cyber insurance market needing reinsurance capacity and the cyber reinsurance market needing access to more retrocession, cyber cat bonds and cyber ILS are seen as key capacity sources.
But, institutional investors fear the potential for correlation effects, with the financial and broader capital markets, and some ILS managers have not embraced cyber risks yet for the same reason.
Hence, this kind of research can provide some comfort, that at least the largest cyber attack and cyber loss events we’ve seen so far have not driven any significant correlation with other financial market metrics.
The study also looked at comparing the impacts of cyber events, to the impacts of natural catastrophes, on the S&P 500 average 30-day performance.
They say it was “very similar to that of major hurricanes,” with large one-time losses seen after both types, but no strategic changes in economic activity or investment.
Jess Fung, North American Cyber Analytics Lead, Guy Carpenter, commented on the findings, “Our analysis demonstrates the lack of statistical correlation between widespread cyber events and stock market performance. The study also highlights that unlike natural catastrophe risks, the probability and impact of cyber-related risks can be mitigated with human intervention and AI-based cyber management tools, such as identifying and patching exploitable vulnerabilities in a timely manner.
“Cyber market participants can leverage our research findings to make informed decisions about their cyber strategy and attract new capital to support the sustainable growth of this insurance industry segment.”
Zain Awan, International Cyber ILS Lead, Guy Carpenter, also said, “With appropriate risk transfer structure mechanics, agreement across all parties around what scenarios/events are subject or covered under a cyber catastrophe transaction, along with robust risk modeling to reflect this, cedents and investors will be in a stronger, more confident position to engage and trade cyber risk exposures.”