The majority of insurance-linked securities (ILS) fund managers responded to a survey on non-affirmative cyber risk to say that they believe they have exposure in their ILS portfolios, according to PCS.
PCS, a Verisk business, recently surveyed over 75 percent of the ILS management community (measured by assets under management), asking the simple question “Do you believe you have non-affirmative cyber exposure?”
PCS explains that non-affirmative cyber exposure is commonly described as insurance or reinsurance coverage related to a cyber event, but where cyber coverage was not expressly covered.
The company wanted to find out where non-affirmative cyber exposure is a problem for the global ILS fund management community, hence surveying managers.
In response to the question, 17 out of 22 ILS manager respondents, equating to 89 percent by AuM, said that they believe they do hold non-affirmative cyber exposure in their ILS portfolios.
PCS said that some that have it appear to have a good handle on the issue, where others may not.
No-affirmative cyber exposure is often termed “silent cyber”, representing a peril that can sit in a portfolio and only manifest when an unintended coverage event occurs.
It can either be the case that cyber coverage was never intended in a property and casualty insurance or reinsurance cover, such as where property, marine, or professional liability contracts end up covering losses caused by a cyber event.
But cyber risk can also be a non-affirmative threat where exclusionary language is proven to be ambiguous as well.
Which means cyber risk is often not priced for, where it turns up in a non-affirmative manner and with the majority of ILS markets remaining focused on natural catastrophe perils, cyber is rarely priced for in the ILS or collateralised reinsurance marketplace.
While ILS fund managers are in the main aware of cyber sitting in their portfolios, they are less confident when it comes to identifying its details, it seems.
PCS said, “While the overwhelming majority of respondents to our question believe they have non- affirmative cyber, many reported that they are not sure where in their portfolios it is, how much exposure they have, or how to manage it.”
In fact, PCS notes that most ILS fund managers “appear to have accepted non-affirmative cyber simply as an aspect of doing business.”
Although it is clear they would prefer to carry as little of it in their ILS portfolios as possible.
“Ambiguity abounds” when it comes to idenfitying non-affirmative or silent cyber risk in ILS portfolios, PCS explained.
“Some ILS funds reported that they simply accept the risk, while a few have sought to identify and quantify it. Most respondents seemed to indicate that the non-affirmative cyber risk they held (if any) was tolerable, particularly given the use of cyber exclusions in other classes of business,” the company said.
A number of the ILS funds that answered PCS’ survey do have cyber exclusions applied to the reinsurance contracts that they underwrite.
Some of the respondents said they attempt to exclude non-affirmative cyber, but are aware some might slip through.
While others said they are aware some non-affirmative cyber risk must exist in their ILS portfolios, but that they haven’t taken specific steps to identify or quantify it at this time.
“Based on the survey responses, the question that remains is whether there are any significant differences between the cyber exclusions used by ILS funds that believe they have some non-affirmative cyber exposure and the exclusions used by those that do not believe they have any non-affirmative cyber exposure,” PCS concluded.