Cyber risk transfer represents a true commercial opportunity for the insurance-linked securities (ILS) marketplace, and with the help of analytics, better modelling and pricing metrics, the development of indices, triggers, and parametric cyber bonds might not be too far away, according to Credit Suisse’s Benjamin Jacquet.
Speaking to Clear Path Analysis about the potential for ILS to play a role in the growing cyber risk transfer space, ILS Underwriter & Cyber Risk Expert at Credit Suisse Insurance-Linked Strategies, Jacquet, highlighted a need for increased ability to price and model the risk.
“The capital markets will want to understand their risks, though, since they are very model driven. The accumulation of exposure is also important. When we talk about cyber risks, the accumulation of exposure, as well as the ability to price and model the risks, are two challenges that we see but are being addressed.
“This is why we feel that cyber is an opportunity for the ILS market,” said Jacquet.
One of the reasons ILS capacity has, for the most part, participated in property catastrophe re/insurance risk concerns the advanced modelling capabilities, which ultimately increase the understanding of the risks and enables more accurate and efficient pricing.
Although cyber risk has been around for some time, with some insurers being active in the space since the early 2000s, the growing interconnectedness of the world combined with rapidly advancing technology has brought cyber to the very front of risk transfer discussions.
Furthermore, the recent WannaCry ransomware attack highlighted just how far-reaching and potentially costly a cyber attack can be, underlining the need for not just re/insurance capacity, but also the deep capital pool of the ILS, or alternative reinsurance space.
“Aside from this (WannaCry) potential very large loss, the track record is almost non-existent. This contributes to making risk carriers very cautious about their approach. This is why it leaves the market in the current position where large companies have difficulty in finding cyber insurance with high limits.
“We believe that this situation creates a real commercial opportunity for the capital markets. This is because there is demand from large companies, and even SMEs, who need capacity,” said Jacquet.
Currently, Jacquet said that cyber insurance is mostly focused on data breaches, specifically first response cover that includes protection for a number of related costs.
And while an important element of first response cover includes business interruption, and contingent business interruption, and despite other coverages addressing third-party liability risks and extortion, where ILS has the potential to play, Jacquet feels that silent cyber threats could also be a place for ILS to have an influence.
“Silent cyber is quite an issue for insurers and reinsurers, especially the management and monitoring of such exposures.
“What we mean by silent cyber exposure is the loss potential from non cyber policies. These are still theoretically exposed to cyber as a peril (i.e. cyber attacks). This can affect many standard insurance products such as liability insurance and property policies,” explained Jacquet.
An additional issue with silent cyber is with defining the cyber-related event, with even the most basic attacks being “hard to define in space and time.”
However, Jacquet feels that with “the help of analytics, insurance/reinsurance companies and structuring agents may find solutions in the form of parametric bonds.
“They may thus find ways to make the abundant capital that is available in the market meet the needs for protection against cyber catastrophes.”
Artemis actually discussed the potential for cyber catastrophe bonds earlier this year, where two cyber experts said that it’s now time to make this a reality.
According to Jacquet this will require the establishment of indices and triggers, which, although difficult to achieve with a lack of historical data, he feels will increase over time as regulation around cyber breaches tighten.
In Europe, for example, the introduction of the General Data Protection Requirement will see companies have to report data breaches, ultimately making relevant data more readily available to insurers, reinsurers and ILS players.
“This can help analytics companies, insurers, reinsurers and the ILS market in general to grasp this risk better. Then, we can make it work for the ILS in a securitized form, such as what we have seen with bonds or industry loss warranties.
“The ILS market is definitely open and ready to explore such opportunities,” said Jacquet.
Join Artemis in Singapore on July 13th 2017 for ILS Asia, tickets on sale here