“Cyber Risk Accumulation: Fully Tackling the Insurability Challenge’” is a useful new report from The Geneva Association (GA), “a global association of insurance and reinsurance CEOs and think tank for the insurance industry.” See information on the report here.
We found a number of the report’s findings valuable, including the role and recent history of cyber ILS (insurance-linked securities) and the capital markets in the sector.
But much of the report deals with the theory and practice of modeling systemic risk in the cyber insurance sector. Bottom line: While risk modeling is improving, its value is inherently limited due to the unique characteristics of cyber risk (versus traditional insurance risks). GA recommends increased use of insurance-linked securities, greater regulation and government insurance back stops (see one of our recent reports on that controversial topic).
From the GA report:
‘“Better risk modelling, while necessary, will likely not be sufficient to attract significant additional risk-absorbing capital. Residual cyber uncertainties remain that constrain what is knowable and can be reliably modelled, which reduce re/insurers’ appetite to take on greater cyber risks. Other institutional innovations may therefore be required to foster a larger, sustainable cyber re/insurance market capable of addressing the future protection needs of policyholders. These include initiatives that:
●Capture standardised claims data and coordinate information sharing and knowledge exchange about cyber risks and exposures. This could involve increased cooperation with key stakeholders such as government security agencies and major technology companies who may have unique insights on evolving threats and vulnerabilities. A number of recent partnerships between cloud service providers and re/insurers illustrate the potential benefits of such collaboration.
●Foster mechanisms to pool cyber exposures among risk carriers as well as transfer cyber risks to capital markets through innovative instruments that match investor appetite better and allow greater transfer of peak cyber risks. Recent developments illustrate that the cyber insurance-linked securities (ILS) market, though small, is maturing and investor interest is growing.
●Create enhanced legal liability regimes to incentivise IT firms to develop secure hardware and software that are more robust to cyberattacks. Such an approach is a core pillar of the U.S. national cybersecurity strategy, which aims to reduce cyber risk and shift the consequences of poor cybersecurity away from the most vulnerable.”