While cyber insurance has been touted as a key growth opportunity for the global insurance industry, with a compound growth rate of 38% annually between 2009-2014, Fitch Ratings has flagged what they call ‘the dark side of the golden opportunity’.
The global rating agency has stressed the extremely high aggregation risk associated with cyber-attacks which it says raises the question of insurability, according to its report The Rise of Cyber Insurance: Growth Opportunity Paired with Incalculable Threat.
“Growing cyber threats could pose a credit risk to Fitch’s rated insurance companies entering this market,” the report said. “Cyber risks today have features that make them very difficult to price with traditional actuarial methods.
“Damages from cyber-attacks differ from traditional insurable risks in that their scale and consequently the financial loss associated with them could be significantly higher and more widespread than any other risk insured today.
“The interconnectedness of today’s technology makes it possible to spread a computer virus within seconds around the globe. In addition, consequences such as loss of reputation and other intangible damage can be very difficult if not impossible to insure.”
Also, it said the increased popularity of cloud services had exacerbated the problem of interconnectedness of software and IT infrastructure.
This, it said, raised the question of insurability: “Especially when it comes to cyber warfare/terrorism and if insurance companies around the globe are willing and able to place such a potentially sizeable risk on their balance sheets.”
The report went on to explain that the cross-border nature of cyber crime undermined any geographic diversification through reinsurance.
Indeed, the agency said reinsurers made use of exclusion clauses such as CL380 to keep control of their exposure.
“With cyber risk and relating legislation remaining largely uncertain, Fitch believes that cyber reinsurance will remain limited,” the report said.
However, it said that commercial pressures at renewal had meant terms and conditions had begun to weaken and reinsurers “could be tempted to include cyber risks in their general property and business interruption policies in order to slow the decline in their premiums”.
The agency also warned it was turning the spotlight on its insurance population which was as vulnerable as any other industry to cyber crime.
“Fitch is increasing its focus on cyber exposure monitoring and protection purchased by its rated insurance universe,” the report said. “Insurers now collect and store more personal information about their clients than ever before.”
It said while such data was encrypted in most cases, the quality of companies’ data protection efforts could vary considerably.
On a positive note, however, it said: “Fitch believes that as insurers build their internal understanding of cyber risk protection, the expertise in protecting their clients from cyber risks will also increase.”