Maksim shmeljov/
20 October 2019ILS

Cyber reinsurers need ILS, ILS needs cyber reinsurers

Are you excited about the growth of the cyber market? If we don’t get the insurance-linked securities (ILS) sector engaged in cyber soon, there will be a lot less to celebrate in the next few years. Without access to more capacity, cyber insurance growth will be harder to fuel.

Not everyone agrees with me on this. Let’s take the London Market, for example. There’s a belief across the Atlantic that London has ample cyber reinsurance capacity available. This may be true, depending on how narrow your views of “ample” and “capacity” are. Can the London Market support very specific types of commodity cyber growth? Probably. Is that the entirety of what the global cyber market needs? Absolutely not.

If you’re taking a global view of the cyber market, don’t believe what you hear in the London Market, especially if you hear it after 4pm on a Friday afternoon at The Grapes.

Out here in Bermuda (and in the rest of the world), perceptions of the cyber reinsurance market’s near-term challenges are more nuanced. There’s sufficient capacity worldwide to fuel growth, although not enough to support the full set of needs of cedants (and end insureds) likely to arise in the next year or two, and the capacity discussion in general often leads to a retro discussion specifically.

As reinsurers develop appetites for retrocessional protection, they’re quickly finding the community of capacity providers to be particularly small. Everyone who writes cyber, it seems, is generally on the same programmes. There aren’t many players left who are hungry for cyber and not already heavily engaged in the sector. The few players willing to put down big lines without worrying about concentrations tend to charge for the privilege, which can frustrate efforts to manage risk and capital effectively.

Bermuda prepares

Retro may not be an urgent need right now, but the Bermuda market seems to see it coming. And there’s a clear sense in the local market that testing retro structures and doing some more modest buys now would make a lot more sense than negotiating blindly when retro is a necessity rather than a luxury.

Based on the characteristics of the current cyber re/insurance market, it’s easy to see what’s missing: new sources of capital not currently engaged in cyber and (ideally) from outside the re/insurance sector to provide some protection from systemic risk. It’s a situation almost perfectly designed for ILS.

A little more than a decade ago, before catastrophe bonds had their breakout year in 2007 (with a whopping $7 billion in issuance), the ILS sector was pushing hard the benefits of alternative capital. Being a source of capital diversification was among them: if a systemic risk hit the global re/insurance system, fully collateralised ILS covers from the capital markets would bring capacity from outside the system.

There was the further benefit of engaging end investors that weren’t invested in catastrophe risk at the time. ILS provided fresh capital that’s diversifying for an investor community interested in new asset classes, particularly if correlation to global financial markets is perceived to be low.

It doesn’t take long to see how the ILS pitch of 2006 and 2007 for catastrophe risk applies now to global cyber. Systemic risk always comes up in conversations about cyber re/insurance. There’s a need for new capacity, and if it helps diversify sources of capital, all the better.

Further, there’s a need for additional capacity that doesn’t have accumulation or concentration issues with risks already in the portfolio—a challenge ILS is uniquely suited to address.

Understanding and price

Why is ILS capacity not flowing into cyber? To be clear, there’s already some limited ILS participation in cyber, but it’s been pretty tactical and seemingly opportunistic. To bring ILS to cyber with scale, two problems have to be addressed: understanding and price.

The first is fairly straightforward. ILS funds need to spend time understanding cyber, learning more about loss history (insured and economic), and building the models they need to price risk and assume business. The sector is certainly interested and has begun some of these efforts. Unfortunately, heavy catastrophe activity in 2017 and 2018 required significant amounts of attention and capital, which delayed efforts at cyber market entry. As the losses from the past few years stabilise, we expect to see more ILS effort in the space.

The second is more difficult. ILS funds need to figure out pricing, and some have already done so, and that reveals the second difficulty in bringing ILS capacity to cyber. Cedants stubbornly believe that protection doesn’t need to be expensive, and they may have views on rates that protection sellers would call unrealistic. Of course, there are no innocent souls in the global reinsurance market. Protection sellers are eager to hold the line on pricing because, they believe, they’ll never get more than they do on day one.

As capacity enters the market, pricing can only come down, even when big loss years occur. Having been stung by rate pressure even after hefty catastrophe years, it’s easy to see their reasoning. Of course, the truth always lands somewhere in the middle, and for ILS to gain access to cyber risk, both sides of the trade are going to have to give a little. This is most likely to occur when the urgency of retro buying edges higher.

The one thing that’s been missing is that first meeting of the minds. It’s time for cyber reinsurers to admit that they need the ILS market—and to come to the table. And the ILS community needs to admit that it needs cyber reinsurance risk, particularly as it seeks diversification and growth—and to come to the table too. In Bermuda, it looks as though both sides are circling the table, but they won’t sit without a nudge. Whose job is that? Hey, brokers, we’re looking at you!