Reinsurers failing to help insurers manage cyber exposures, warns Hiscox Re

20-10-2019

The reinsurance market is not yet providing a “suitable, sustainable, and scalable response to meet the challenge of a cyber catastrophe,” according to Devin Page, head of specialty reinsurance at Hiscox Re.

Reinsurers must develop products to help insurers tackle the cyber threat, he said. “It's the reinsurer’s job to help insurers efficiently manage and transfer their cyber risk but, in many cases, program structures are not fit for purpose,” admitted Page. 

Page warned that a devastating cyber catastrophe is now capable of inflicting similar losses to natural catastrophes like hurricanes, floods and earthquakes, or terrorist attacks.

Global digital connectivity, greater penetration of cyber insurance, inadequate contract wordings and the silent cyber threat had raised the stakes for cyber risk, he said. 

“Higher limits and the widening of terms and conditions in areas like contingent business interruption and supply chain failure means the overall amount of systemic cyber risk shouldered by the insurance market is growing at a rapid rate,” he warned. 

Page called for more capital efficient products to ensure insurers can keep up with demand for cyber coverage, calling on ILS investors to step up - and quickly.

“This need for capital provides an obvious opportunity for ILS investors,” he said. 

Page said: “Many cedants only protect themselves with proportional reinsurance. These structures work well for lines where loss ratios stay relatively stable but for cat lines where there is significant volatility, they are less effective.” 

Proportional structures mean insurers miss out on profit in good years and lose control of losses in bad years, he said. WIth no stand-alone subject portfolio to cede to reinsurers, proportional structures are also ill-suited to effectively deal with non-affirmative cyber, he added. 

Page said: “Encouraging insurers to purchase their cyber reinsurance on a non-proportional basis allows the cedant to retain their profit in good years while protecting them against tail risk in the bad.”

Page cited 2017’s WannaCry and NotPetya ransomware incident as warnings to the industry about the potential devastation that could follow a large scale cyber attack. 

“On both occasions, the low penetration of cyber insurance in the areas and businesses they hit meant insured losses were low,” he said. “However, there are several factors at work that could result in a market changing Hurricane Andrew or Katrina level event for cyber.”

Devin Page, Hiscox Re,

Bermuda Re