Why we can’t take explosion of cyber insurance for granted

While cyber insurance offerings have expanded recently, the ability to keep up with demand for cyber insurance cover is a continuing challenge, and sustainable growth in the cyber insurance market should not be taken for granted, according to a new study by The Geneva Association, an insurance industry think tank.

The study identified three prerequisites to ensure the sustainability of cyber insurance:

• Customers and insurers must facilitate resilience at the source of risk
• Insurers need to make an acceptable return on capital
• Available capital must absorb shocks from accumulation risks

“Expanding the boundaries of insurability is not new for insurers,” said Anna Maria D’Hulster, secretary general of The Geneva Association. “However, cyber risks are taking us into uncharted territory. Both exposures and threats have distinct characteristics, bringing unprecedented challenges.”

The report identified four key cyber accumulation risk challenges:

• A single large event or a series of consecutive events could make affirmative cyber insurance unprofitable
• Insurers and reinsurers could underestimate cyber exposures, resulting in unplanned shocks from a major event
• Data of insufficient quality for more advanced modelling techniques
• Governments predominantly fail to provide frameworks for the sharing of cyber-terrorism-induced losses

“Cyber risk has distinct characteristics,” said Daniel Hoffman, senior advisor for insurance economics at the institute and the study’s primary author. “Exposure bases are hard to define and measure. Historical claims data are scarce and not good predictors. Threats are constantly evolving, can spread widely and rapidly, and a series of consecutive large events is plausible. Moreover, a high degree of interconnectivity may result in potentially boundless impacts.”