For capital markets investors it’s likely that cyber meets some of their investment needs, but a substantial lack of modelling capabilities means there’s no immediate, quick way for insurance-linked securities (ILS) to get into the space, according to cyber risk and (re)insurance experts Hans-Joachim Guenther and Peter Hacker.
In an interview with Artemis, cyber risk expert and board advisor Hacker, and Guenther, the owner and founder of PeriStrat GmbH, said that currently, the ILS appetite for cyber risk is rather limited.
As cyber risk continuously evolves and more and more breaches and network security failure occur driving increasingly complex and higher loss scenarios, the potential for ILS capacity to play a role has often been discussed.
While currently there’s no such thing as a cyber catastrophe bond, cyber ILS transactions in the form of collateralised reinsurance have been completed and although the modelling is a very real challenge, there is clear potential for greater ILS participation.
“Technically cyber is ticking a number of boxes: it is diversifying from nat cat and it appears mostly independent from other asset classes like bond or equity investments with just some correlation in case of a major tail event… but that’s the same for a nat cat tail event as well.
“However, the structure of ILS investments requires high modelling standards and a deep understanding of the modelling quality (‘data transparency’) or in other words a good understanding of the modelling shortcomings. Given the fact that Cyber modelling is still immature – too often based on secondary, proxy or passive threat intelligence – and likely 20 years behind nat cat modelling we do not see a fast way for ILS to get consistently into cyber but expect a steadily growing interest and involvement in developing modelling capabilities,” said Guenther.
Hacker adding, “We also believe that we will see soon some very early initial test cases, like a state sponsored “cyber bond”. Sovereign motivation might come along with willingness to offer an extra margin which might allow the ILS investor to consider this as additional risk premium to cover the uncertainties around an almost untested insurance exposure.”
When asked about the potential for cyber catastrophe bonds, the pair seemed confident that this will happen, but said that it may well take another one – two years in light of current modelling limitations and the lack of a cyber loss index for parametric bonds.
Both Guenther and Hacker noted that the cyber (re)insurance market (outside the US) is still in its infancy but emphasised that once the market becomes mature, and given the truly global exposure with no diversification by region compared to nat cat, “the capital markets are required to satisfy the capacity needs.”
“Our scenario studies suggest economic losses for major cyber events to amount up to USD 230bn with a fraction being potentially covered right now. Given growing digitization and massive expansion of IoT loss scenarios will get bigger. In just a few years Cyber has the potential to seek capacity well in excess of the worst nat cat scenarios. Such demand will not be digested by traditional capacity supply only.
“Experience suggests there should already be corporate demand for intangible asset protection, but corporate boards often don’t understand the actionable intelligence, pricing elements and coverage triggers offered and hence, there is too often scepticism towards an actual pay-out in case of a catastrophic claim,” explained Hacker.
While Guenther and Hacker feel that it will take time for the ILS space to play a truly meaningful role in the cyber space, they explained that there are certain things that ILS players can do today to have a positive influence on the market.
“Become a working party in developing data standards for cyber exposure recording, engage in the modelling scene, participate in the debate around claims made vs occurrence triggers and articulate what they need to develop an initial level of comfort around cyber. The risk is too big that any party or sector will be able to solve the challenges ahead. We need concerted action between traditional and ILS markets, regulators and policy makers,” said Hacker.
To conclude, Guenther underlined that given the reaction of investors in 2019 to the catastrophe loss experience of both 2017 and 2018, the introduction of cyber to the ILS space will require manager and investor education around the class of business.
“Investors must clearly understand the difference to nat cat – qualitatively as well as quantitatively – to avoid that capital market contribution will end-up in a yo-yo behaviour where investors claim to be caught in surprise and to have overallocated funds to this new class,” he said.