The impact of COVID-19
With the COVID-19 crisis in full swing at the time of writing, cyber risk has become a hotter topic than ever. Recent news reports have highlighted an increase in ransomware in the health sector; an accelerated shift from paper money to digital forms of payment; and shops emptied of laptops as people prepare for an extended period of working from home.
Whether they wanted to do it or not, consumers and businesses are being plunged into the digital world: from supermarkets with home delivery apps to whole companies working from home, we are more dependent than ever on the internet, with all the benefits and risks that it brings.
“A number of corporates and businesses at large which were not truly ready are being thrown into the digital space without the layers of people training, process integrity and technology capabilities: they are not ready but have no choice,” says Henri Winand, chief executive officer of AkinovA, the electronic marketplace for trading re/insurance risk.
“That increases materially the risks of a cyber ‘pandemic, but at the speed of light’ as a realistic scenario.”
Because of this, Winand believes, the re/insurance industry must create capacity for a surge in cyber risk.
“Cyber is not really a class of business, it’s a peril or a risk that permeates about $170 trillion of P&C assets and also a few tens-of-trillions of life assets,” he says.
“Ready or not, COVID-19 catapults us all into full digital working environments. In the short term, this means that more bad actors are going after vital infrastructures with ransomware attacks and targeted disruption attacks, in the hope that payments will be forthcoming to resume operations and that the distraction means people will make mistakes. Some of those will not be found for some time, until after the crisis fades.
“COVID 19 is throwing entire economies and companies into working remotely, faster than they could have anticipated, and without leaving much time for testing,” says Winand.
“It’s true that companies, governments and institutions have gone digital for some time, but that does not mean they’re ready to have all or most of their employees and subcontractors working away from the office,” he notes. “This will now have to be a business continuity/disaster scenario which all organisations, big and small will have to grapple with.”
The growth of cyber reinsurance
Andrew Laing, head of global cyber and emerging risks for PartnerRe, says there is a growing awareness of the increased frequency and severity of data breaches, particularly at the C-suite and board level. This is one of a number of factors currently driving growth in cyber reinsurance, he says.
Others include the introduction of stricter legislation and the tightening of current regimes, and an increased focus on reputational risk and balance sheet protection.
“An increased interest in managing supply chain risk with growing demand for business interruption cover and digital asset restoration in certain industries is also driving growth,” Laing says.
“Reinsurers are participating meaningfully in the expansion of one of the fastest-growing lines of insurance business globally. Reinsurers continue to bring a material portion of the much-needed capacity to this line.
“In the product space, while proportional treaties still represent the majority of the premium ceded to reinsurers, we are seeing an increased demand for cyber aggregate excess of loss reinsurance products,” he adds.
New and additional capacity has been generally available for excess of loss reinsurance purchasers, he says.
“We expect that demand will continue to be met by an increase in supply.”
Bermuda’s role, and key challenges
Winand believes that Bermuda’s strong risk transfer ecosystem and strong, transparent regulatory framework give it an advantage in the cyber re/insurance market.
Laing agrees. “Bermuda is already a leader in segments of the cyber re/insurance market,” he says. “In particular, the Bermuda market is a leader in providing cyber excess of loss reinsurance capacity. The intellectual and economic capital available in the broader Bermuda market is well suited to expand on this current position.
“The Bermuda cyber market is gaining momentum and will continue to provide meaningful capacity as the global market grows.”
There are some clear challenges for reinsurers in this market. Laing notes that reinsurers are faced with evolving accumulations across their portfolios that must be continuously monitored.
“This is on top of primary insurer concerns in this new and evolving line, like loss trends and the ever-changing underlying threat environment,” he says.
“Reinsurers also experience a data reporting lag as with other lines. However, due to the continuous and sometimes rapid evolution of the cyber market, the ability to harness more current data for cyber remains at the same time a priority and challenge.”
Looking to the future
Winand believes that for re/insurance to play an active role and capture a significant share of the growth in cyber, it must access capital markets and insurance-linked securities (ILS) at scale, with more dynamic regulated mechanisms and simpler products than those available today.
“If that’s not developed within a relatively short timeframe, this growth will largely miss the industry as businesses find other mechanisms than re/insurance to find meaningful business interruption and intangible assets protection,” he says.
“This is what happened in the past,” he adds. “The non-reinsurance finance sector managed to cover counterparty credit risk at scale to meet its requirements, largely bypassing re/insurance, and this has expanded to some parts of the business world outside the financial sector.”
Laing agrees that ILS and alternative financial vehicles have a significant role to play.
“These types of vehicles can be useful in bringing diversified capital into the cyber re/insurance value chain, as with other lines of business,” he says.
“While we have seen relatively limited activity to date, as the understanding of the cyber peril continues to improve, we expect ILS and alternative financial vehicles to play an ever-increasing role in providing the capital needed to support this line. Predictive analytics will play an important role in bridging the comfort-gap between the cyber peril and ILS and alternative vehicles.”
As the sector matures, re/insurers continue to deepen their understanding of new risk areas and improve their risk modelling capabilities.
“This is driving innovation in product development as re/insurers are using better data and modelling to enhance their current core propositions,” says Laing.
“For example, we’re seeing improved coverage in critical areas such as business interruption, as well as expansion of cover to other assets with cyber triggers, including physical damage and financial loss, which weren’t previously widely available.”
Winand agrees that modelling has a key role to play.
“While better models can certainly help, none will ever be precisely accurate,” he says. “Broadly correct models are good enough, and the real need is to match risks to capital more dynamically: cyber risks and perils are highly dynamic.
“What’s really needed is an electronic, independent, regulated, all-in-one venue to transfer and trade risks—to truly match a dynamic risk at speed as indices vary and increase capital velocity and reduce trapped collateral.”
