The expanding insurance-linked securities (ILS) sector has an opportunity to participate in the cyber risk transfer space, but for true market development improved modelling and pricing metrics are required, according to AIR Worldwide’s Florian Heimann.
Speaking at the Guernsey Finance annual ILS Insight event held in Zurich in early July, Heimann, a Risk Consultant at catastrophe risk modeller AIR Worldwide, discussed the need for better modelling of cyber risks if the ILS space is going to expose itself to the challenging, yet potentially profitable, rapidly advancing world of cyber risk transfer.
“Cyber is a pretty new peril and, in contrast to natural catastrophe models, people are simply not used to it yet. Natural catastrophe models have been used extensively for more than 15 years and people feel comfortable with assessing their risks based on those models. For cyber, this comfort is in the process of building up, and I would guess something that has to build up slowly,” said Heimann.
For the more traditional insurance and reinsurance markets of the world, and the alternative, or convergence space, cyber risk is generally viewed as one of the great challenges and opportunities.
Cyber is a new, emerging risk that if managed properly could represent significant revenues for the risk transfer industry while providing valuable protection for clients, although inherent complexities have made modelling, and therefore adequately understanding and pricing the risk challenging, especially when compared with natural catastrophe risks, which remains the main focus of ILS.
Heimann, continued; “The pretty straightforward geographic aggregation that can be applied in natural catastrophe models, cannot be applied in cyber models.
“If you have one house destroyed by a hurricane, chances are pretty high that the house next door will be affected by the same hurricane. For cyber, you would need to aggregate by more complex and more abstract features. Things like which operating systems are used, or on which third party providers do you depend?”
According to Heimann, there is available data on 23,000 cyber events, which is more than 20 times the amount available on storm or hurricanes in the U.S., so it’s clear that things are moving in the right direction as vast amounts of historical data are essential for creating adequate and effective models, which in turn promote improved pricing metrics.
Heimann, alongside panelists Scott Mitchell from Secquaero-Schroders, Jonathan Davies of Aon Benfield and Stewart McLaughlin of White Rock Insurance Company PCC, agreed that there is an opportunity for ILS to play an important role in the cyber risk transfer market.
“I spoke to an insurance company a few weeks ago and when you say cyber, they have actually broken it down into 12 discrete risks. So, I think we are working to actually define what cyber is and to put it into discrete risks and to model those particular risks,” said McLaughlin.
Continued innovation from the insurance, reinsurance, and ILS world will be vital to the development of cyber models and solutions that really address the growing issue.
Lloyd’s of London warned recently that a cyber losses could be as costly as some major natural catastrophe events, driving economic losses of beyond $120 billion, and with re/insurers still trying to get to grips with the peril it’s likely that should an event like this happen today, only a slight proportion would be covered by insurance.
Others in the ILS space have highlighted how regulation and analytics can help to develop the cyber ILS market, and also noted how the recent WannaCry breach supports the view that the capital markets is a natural fit for cyber risk, although it’s apparent to Heimann and other panelists that improved modelling and pricing metrics are essential if ILS is serious about exposing itself to the cyber risk transfer space.