The first more public cyber insurance-linked securities (ILS), or cyber catastrophe bond deal cannot be far away, panellists concluded at an ILS roundtable hosted by global reinsurance firm Munich Re in Monte Carlo this morning.
Paul Schultz, the CEO of Aon Securities, the capital markets arm of the insurance and reinsurance broker, went on the record to state that he expects his team will get a cyber ILS deal done in 2023.
The insurance-linked securities (ILS) market is already active in cyber risks, while many of the leading ILS fund managers are able to invest in cyber insurance or reinsurance, but so far deals done have been private, bilateral and relatively small, and in collateralized reinsurance format.
Schultz outlined what’s been done so far and why cyber ILS hasn’t perhaps taken off as quickly as some hoped.
“There has been cyber transacted in the collateralized market, it just hasn’t been in more of the publicly available sort of information that’s out there, So there’s certainly cyber transactions that have been done,” he said.
Schultz continued, “We’ve spent a lot of time with managers talking about cyber trying to provide some education from our colleagues that are specialists in cyber and I think we’ve made progress.
“We would say there’s probably 12 to 16 managers today that that will write cyber in some fashion.
“Having said all that, right now the experience in the market is that the demand to buy cyber cover isn’t exceeding the supply of capital that’s available to write.”
The Aon Securities CEO went on to explain that currently there isn’t enough incentivising buyers of cyber risk transfer to require more capacity, as they are not really being pushed by regulators, rating agencies or shareholders, to protect themselves.
“So, part of it is that we’re not seeing the underlying demand created for more insurance cyber getting done, which leads to more reinsurance cyber getting done, which then ultimately leads to the ILS market kind of stepping in.
“The market would prefer to buy quota share cyber capacity, that doesn’t work as well with the ILS market, the ILS market would rather sell excess-of-loss cyber protection.
“So before you even get into wording, you have to deal with some of the structural issues, which I think everyone knows we’ll get to at some point, we just haven’t gotten there,” Schultz said.
However, he ventured, “But I’ll go on record and say we’ll get a cyber deal done in 2023.”
During the roundtable discussion, Michael Millette, Founder and Managing Partner at reinsurance investment manager Hudson Structured Capital Management (HSCM), added some thoughts on what’s been challenging the industry when it comes to cyber risk.
“Cyber accumulations have been a great source of concern for the industry, less for capital markets investors because capital markets investors have taken very discreet limited layers of risk here and there. But they’ve been a great source of concern for the industry,” Millette explained.
Adding that, “I think we need to invest a lot more care in thinking about extreme tail risk, or about extreme accumulations.
“Part of the reason for that is state actors go both ways and we’ve seen that this year. Cyber Risk is actually in some ways, more like outage risk, than it is like cat risk.
“If any individual company is hacked, that is a problem for them and they have to figure out how to recover. If every one is hacked, that is a problem for society and governments will intervene.”
Later, Schultz of Aon Securities said that his firm is exploring potential origination sources for cyber ILS deals and the focus is much broader than the typical reinsurance and retrocession focus of developing new ILS products.
Typically, ILS capital gets its first taste of a new risk or peril on the retro side, or reinsurance at best.
But Schultz said his team spend time with corporations, as they look for sources of cyber risk that could be more appealing to investors.
“We’re spending a fair amount of time already on the topic of cyber, I think we can always spend more ,” Schultz said. “We’re spending it with direct cedents, so the corporations of the world trying to find someone that might, you know, want to want to buy differently.”
He said the Aon Securities team is also talking with insurance and reinsurance market players, of course.
But added that, “At the end of the day, I think we’re gonna have to find a little bit of a pioneering partner on this.”
He further explained, “When you go back to the early days of the cat bond market, USAA decided they were going to support this market, realised that they probably paid more, or they knew they paid more, but they took a multi-year view and maybe even longer view at that point to invest in the market to create capacity, which you know, they had the foresight to see that they were going to need at some point.
“I think on cyber it’s a similar topic.”
Schultz explained that the ILS market may need to find partners that are looking for more defined coverage, across narrower risks that can be better understood.
“We need to find partners that are going to say, perhaps I’ll look at cloud outage only as a way to get something done, I won’t worry about breach you know, breach is a much harder to get your arms around.
“We’ll look at, not necessarily a parametric view of it, but we’ll look at a narrower lane with guardrails up, so a much more narrow focus than kind of the broad topic of cyber,” Schultz said.
He went on to say that you still have to come back to the principal observation, “there’s not a shortage of capacity for what is being purchased,” currently in the industry.
“You’re gonna have to debate whether what’s being purchased is adequate, and that’s an easy debate to have. But when you’re looking at what is being purchased today, our brokers and the brokers in the industry are not struggling to place cyber,” Schultz closed.
It’s encouraging that originators are looking at how to tap sources of cyber cover demand that may be underserved, as well as where the risks themselves may be easier to wrap understanding around, model and price.
That sounds like a more feasible way to get a first deal done, and while it doesn’t align with the broader, often quota share like, ambitions of cyber re/insurers, when they consider new sources of coverage, it’s perhaps a more exciting prospect anyway, given the untapped sources of risk in the world’s major corporations.
We look forward to seeing the first full-blown cyber ILS or cat bond next year.