Analysts at S&P Global Ratings have called on insurers and reinsurers to better screen their insurance portfolios for non-affirmative cyber exposures or manage them, warning that failure to do so might result in significant losses in the future.
In a recent report, S&P has said that economic and insured losses from cyber events are mounting for re/insurers, adding that while the market has been profitable in light of minimal large insured cyber losses, it remains an “immature” marketplace.
For some time now, cyber risk has been viewed as both a great opportunity and challenge for global insurers and reinsurers.
Growing interconnectedness across the globe and the ongoing transition to a truly digital world has undoubtedly raised the potential for cyber losses, which in turn has led to growth in the market.
However, according to S&P, growth has been hindered by a lack of global standards, which includes a homogenous definition of cyber events, liberal exclusions, and relatively low sums at risk offered by re/insurance companies.
Underwriting cyber risk is challenging, something which is exacerbated by a lack of cyber risk modelling, partly driven by the fact that there isn’t yet an historical set of cyber attack and loss data, especially when compared with exposures in the natural catastrophe space, for example.
“What’s more, we believe considerable silent cyber exposure is embedded in traditional insurance and reinsurance products,” said S&P Global Ratings credit analyst, Johannes Bender.
The ratings agency has called on re/insurers to start screening their insurance portfolios for silent-cyber exposures or manage them, warning that failure to do so might well result in losses becoming significant and create volatility in capital and earnings in the near future.
S&P feels that the global affirmative cyber insurance market will continue to expand faster than most other traditional lines, adding that it could reach $8 billion in gross written premiums by 2022, compared with around $5 billion in 2018.
Despite the challenges, S&P states that a lack of large cyber losses has meant that it’s been a profitable line of business for firms, while the number of both insurers and reinsurers offering cyber cover is on the rise.
“We think reinsurers are well placed to harness this business potential if they can develop cyber ecosystems and improve cyber modelling, while managing accumulation risk and silent cyber exposure,” said Bender.
A recent cyber attack which has the potential to become a significant loss for the industry can be seen with the Capital One data breach, which PCS has designated under its PCS Global Cyber platform as a global risk loss, and which it is currently monitoring for further developments.