Advertise with Reinsurance News


Reinsurance News

Reinsurance backstops are key to addressing systemic cyber risk: EastWest Institute

13th June 2019 - Author: Matt Sheehan

A new report from the EastWest Institute has argued that the creation of government backstops in the form of private reinsurance pools will be one of the key pillars in enabling the insurance industry to guard against systemic cyber risk and avoid catastrophic losses.

Cyber risk insurance and reinsuranceThe non-profit thinktank suggested that such an approach would increase the overall capacity of the market to handle a major, multi-market loss.

It advocated for a model similar to those already created to handle terrorist events, such as the Terrorism Risk Insurance Act (TRIA) in the U.S and Pool Re in the UK.

“Due to the innovative and evolving nature of the insurance market, the insurance industry is not currently seeking to establish a backstop program,” the report stated.

“Nevertheless, with the increasing accumulation of cyber risk and cyberrelated dependencies, incidents may result in claims beyond the insurance market’s current capacity. Governments should consider creating a targeted backstop program for systemic cyber incidents.”

Such a program, EastWest claimed, would include an agreement between a government and a private reinsurance pool, in which the government would cover a proportion of the losses from a cyber incident above a certain threshold.

Prior to the coverage of losses by the government, a designated official would certify that the systemic cyber incidents resulted in catastrophic losses to the re/insurance industry and are eligible for coverage under the legislation.

The program may also include a requirement that all primary insurers offer cyber coverage to commercial clients, multi-line coverage, and incentives for consumers and service providers to invest in cybersecurity.

EastWest further recommended that the re/insurance industry should further explore insurance-linked securities (ILS) and catastrophe bonds as a means to strengthen the cyber market and provide additional capacity.

This capacity, however, will likely need to be leveraged in conjunction with a number of other approaches to fully engage with the challenge of systemic cyber risk, analysts said.

These include enhancements to cyber insurance underwriting ability through the use of existing cybersecurity frameworks, data, in-house cyber expertise, and the harmonisation of underwriting practices based on international security standards or sector-specific requirements.

Another approach would require insurers to develop new business models by partnering with cybersecurity and technology companies, EastWest said, as well as exploring advanced analytics, promoting loss control products, and tying financial incentives to cybersecurity practices.

Finally, re/insurers will need to increase the transparency and uniformity of their policy language to reduce uncertainty around the definitions of cyber incidents, coverage types, and triggers, particularly in regard to key terms such as ‘act of war,’ ‘state actors,’ and ‘state cyber attacks.’

“Cyber risk is a dynamic and growing threat to industry and infrastructure alike, with the potential to inflict catastrophic damage in the event of a systemic incident,” notes Bruce McConnell, EWI Executive Vice President and a co-author of the report. “The report offers a framework to understand the complexities of systemic cyber risk—underscoring the importance of both enhancing insurance underwriting ability and strengthening cyber resilience across interconnected systems.”

“Cyber insurance has grown into an important component of industry’s risk mitigation strategy, so it’s vital that we have a sustainable cyber insurance market,” added Matt McCabe, Senior Vice President, Cyber Practice at Marsh, and a contributor to the report.

Raj M. Shah, Co-CEO at, also commented: “Companies are doing a better job of assessing cyber risk through automated tools and advanced analytics, but there remains a need to integrate these efforts with insurance underwriting for meaningful cyber risk management.”

“The recommendations in the report are geared towards an approach where insurance providers, brokers, and enterprises share specific risk data to enhance everyone’s ability to measure and manage cyber risk in real time,” he explained.

Recent Reinsurance News

Getting your daily reinsurance news from Reinsurance News is a simple way to receive only the reinsurance industry news that matters, delivered directly to your email inbox.

  • Only email is mandatory, but the more you tell us about yourself the better we can serve you in future!
  • This field is for validation purposes and should be left unchanged.

By submitting the form you are giving your consent to be emailed by us.

Read previous article:
W&I claims are increasing in frequency and severity, says AIG

Global insurer AIG has highlighted an increase in both the frequency and severity of Warranty & Indemnity (W&I) claims across...