Hidden cyber risk in US property insurance has $12.5 billion loss potential – report

Hidden cyber risk in US property insurance has $12.5 billion loss potential – report | Insurance Business America

Hidden cyber risk in US property insurance has $12.5 billion loss potential – report

A new study jointly conducted by CyberCube, AM Best and Aon has warned that cyber risk accumulating in the US property insurance market could lead to staggering losses of about $12.5 billion.

The study, entitled “Spotlight on Cyber: A study of aggregation risk in the US property insurance market,” noted that sufficient cyber risk is amassing in the market to trigger a one-in-100-year loss of $12.5 billion. The loss is so significant, that the study says it is enough to cause a downward transition of the Best’s Capital Adequacy Ratio (BCAR) for 18 US property carriers.

CyberCube had created a sample portfolio based on the US small business property industry for the study, and subjected it to modeled cyber loss scenarios while quantifying non-physical damage losses. The results were then used by AM Best to assess its impact on the balance sheets of some 579 US-based property insurers. Aon helped to quantify the risks and exposures written back into property policies, and to highlight some best practices for managing the risks.

The analysis found that of the 579 property insurers analyzed, 12 carriers fell one level in the BCAR, four dropped two levels, while one carrier fell three levels, and another fell four levels. The report concluded that although current levels of cyber exposure in US commercial property are manageable by the property industry, the exposure could affect ratings for a good portion of the market. It also suggested that the large growth in cyber exposures expected over the next few years will pose a challenge to the industry and its ability to adapt to changes.

In addition, the report noted that a combination of regulatory pressure and good portfolio management practice is pushing carriers to exclude (or affirm) cyber coverage from non-standalone policies – policies where “silent” cyber exposures can exist. CyberCube, AM Best, and Aon have also pointed out that it is becoming apparent that carriers may not be typically be underwriting or pricing cyber risk accordingly, despite explicitly offering cyber coverage in US commercial property policies. The researchers cautioned that cyber exposures in the US property market “may be unaccounted for” in insurers’ enterprise risk management strategies.

“CyberCube’s modeled loss figure of $12.5bn suggests that the US property market is exposed to $9.5bn of attritional losses and $3bn of catastrophic losses in the return period,” said CyberCube head of industry engagement Rebecca Bole. “It is apparent that the property market is already paying attritional losses for non-affirmative cyber coverage.”

“While losses of $12.5bn are relatively low when placed in the context of natural catastrophes, considering these exposures are often unpriced or unaccounted for in enterprise risk management, the impact on carriers can be significant and more importantly, unexpected,” added AM Best director of industry research Sridhar Manyem.

“As this research shows, quantification of the aggregation potential from cyber-related losses in property policies is very real. With property insurers affirming elements of cyber cover in their policies, insurers are exposed to significant losses, which are not necessarily priced accordingly,” commented Aon head of cyber analytics Jon Laux.