Amid growing concern over the safety net provided by the private sector, insurers have held discussions with the UK government over whether its terrorism reinsurance scheme should cover state-backed cyber attacks, suggests a report from the Financial Times.
Pool Re, the UK Government’s terrorism reinsurance scheme, was put in place in 1993 after underwriters stopped insuring acts of terror following IRA bombing campaigns in the UK.
Pool Re shares risk with primary insurers and though it is owned by the insurance industry, it can call on funding from the government in extreme circumstances. however, so far, it has not utilised this guarantee. The scheme has paid out over £600m in claims for events declared by the government to be the work of terrorists and built up an almost £7bn investment fund.
Now, according to the Financial Times, senior industry executives have had initial talks with Treasury officials over whether Pool Re could be expanded to cover state-sponsored or war-related cyber attacks.
In recent years, cyber losses have prompted underwriters to limit their exposure, with some insurers raising prices and tweaking policies.
In September last year, Lloyd’s of London defended a move to limit systemic risk from cyber attacks by requesting that insurance policies written in the market have an exemption for state-backed attacks.
Lloyd’s warned that cyber losses “have the potential to greatly exceed what the insurance market is able to absorb.”
Also last year, Zurich reached a settlement with multinational food and beverage company Mondelez International to close a $100 million lawsuit against the insurer for refusing to pay out on cyber claims related to the 2017 NotPetya attack.
Zurich had denied claims from Mondelez on the grounds that the NotPetya attack, which initially targeted Ukrainian organisations, had been a state-sponsored attack by Russia and therefore fell under its act of war exemptions.
Bruce Hepburn, chief executive at Mactavish, an advisor to commercial insurance buyers, suggested extending Pool Re to cover state-backed cyber would be a “recipe for huge arguments”.
Pool Re currently reinsures physical damage caused by terror attacks that have a cyber trigger, but not if they are state-backed.
In addition, it does not underwrite any financial losses or seizure of data from cyber assaults that are the primary focus of insurance policies.
Hepburn added, “The government is well able to determine whether an event was a terrorism event, there are mechanisms for doing that. How in the hell do you decide it is a state-sponsored cyber attack?”
Meanwhile, the US Government called for views last year on whether a federal response to cyber was warranted, and whether its public-private terrorism insurance programme should have a role.
Lloyd’s responded to that consultation, stating there could be utility in such a programme for those areas in which the insurance industry has limited appetite to provide cover, specifically, losses caused by broad infrastructure outages or state-backed cyber attacks.
Earlier this month, specialist re/insurer Beazley confirmed that it has sponsored a ground-breaking cyber catastrophe bond transaction, designed to cover remote probability catastrophic and systemic cyber events, with the potential for more deals later in 2023 and beyond.
According to Beazley, the $45 million private section 4(2) transaction is fully tradeable under Rule 144A resale and provides the firm with indemnity against all perils in excess of a $300 million catastrophe event.
As we reported earlier, this cyber bond is backed by a panel of ILS investors, including Fermat Capital Management, and was structured by Gallagher Securities, the ILS division of reinsurance broker Gallagher Re.
Further, just this week, Hannover Re, one of the world’s largest reinsurers, has, for the first time, transferred cyber risks to the capital markets via a proportional reinsurance solution, with New York-based Stone Ridge Asset Management supporting the transaction with USD 100 million of capital.
The German reinsurer has created an additional retrocession tool that enables capital market investors to participate directly in its cyber risks through a quota share cession.
This debut transaction covers cyber risks in Hannover Re’s worldwide portfolio and has a long-term orientation, and it’s hoped that the firm will be able to build on this deal and grow its relationships with insurance-linked securities (ILS) investors. All of which suggesting that capital markets may be another alternative source of cyber reinsurance.