Cyber models need to expand their scope in order to cover a much broader range of insurance lines if so-called “silent cyber” risks are to be identified and analyzed effectively, according to a new report.
A report from analytics firm CyberCube said that the growing pressure on insurers to identity non-affirmative cyber risks hidden within traditional non-cyber insurance products must lead to changes in the way the industry’s cyber modelling tools are constructed.
“Silent cyber,” or “non-affirmative cyber,” are terms used to describe unidentified cyber risks present within non-cyber insurance policies. As conventional insurance policies, many of which were drafted in the pre-internet era, were not designed to include cyber as a potential risk, they do not specifically reference digital perils.
“Insurers are finding themselves squeezed between regulators and reinsurers who both want the issue of non-affirmative cyber risk to be tackled,” said Ashwin Kashyap, co-founder and head of product & analytics at CyberCube. “The potential cost implications of failing to address it are frightening, At present, global standalone cyber premiums are estimated to be in the region of US$5.5 billion, but the connected exposures and premiums at risk from silent cyber across all property and casualty lines is higher by an order of magnitude. This explains the nervousness among market regulators and reinsurers.”
“Traditional insurance products were developed before cyber risk become a meaningful concern for reinsurers,” said Yvette Essen, head of content at CyberCube. “As conventional insurance policies were not designed to include cyber as a potential risk, they did not specifically reference digital perils (either proactively incorporating or excluding) as these were not actively considered at the time of underwriting. Recently developed insurance products are more explicit as to whether cyber risk is covered.”
