ILS investors should look to cyber, says S&P
Conditions for insurance-linked securities (ILS) investors are improving after several difficult years due to a growing number of natural catastrophes, according to a new report by S&P Global Ratings. At the same time, the report says, demand for protection from cyber risk is increasing, but the capacity offered by the re/insurance sector is not growing at the same pace, leading to significant policy rate rises and a protection gap.
"In our view, the cyber insurance market now presents an opportunity for ILS investors to gain exposure to cyber risks in the same way they did with natural catastrophe risks in the nineties following Hurricane Andrew in 1992," said S&P Global Ratings credit analyst Manuel Adam.
"However, so far, ILS investors have not shown much interest, and we believe that growth in cyber ILS will be slow in the short-to-medium term," he added.
The report, Cyber Risk In A New Era: The Future For Insurance-Linked Securities In The Cyber Market Looks Uncertain, says there are several reasons for this.
ILS investors have learned the hard way, the report says, that they can be exposed to perils that they had not fully modelled and/or priced for. In recent years, secondary perils have increased in frequency, and, in aggregate, resulted in higher losses than investors had expected. Cyber risks are not limited by region and can easily spread across the globe in a few seconds, exposing investors to accumulation risk and related losses.
ILS with exposure to underlying natural disaster risk offer diversification and real returns that are mostly independent of the capital markets, the report continues. In contrast, a big cyber event could trigger a decline or volatility in stock and bond market values, increasing the correlation with the capital markets.
Lastly, cyber ILS transactions can be very complex, and complex transactions are likely to fail, according to the report. A more simplified approach, starting with only one defined cyber peril, such as a cloud outage, a service provider outage, or an attack on critical infrastructure, instead of multi-peril agreements, will help investors better understand the underlying risk, and, as a result, quantify their risk exposure, the report concludes.
