My first week at CyberCube ended in glittering style, with a visit to the Rendez-vous de Septembre in Monte Carlo, where I hosted a panel discussion exploring the risks and opportunities for the (re)insurance market from cyber.
It became clear from the discussion, with Symantec security strategist Laurent Heslault, Accenture insurance lead Max Richter and CyberCube CEO Pascal Millaire, that the always-connected economy is taking us into uncharted territory for risk and insurance.
As the global economy eagerly embraces the fast pace of technological change and demands a constant connection to the world, we are redefining the nature of risk.
To quote Munich Re’s CEO, Torsten Jerrowek, speaking in Monte Carlo on Sunday: “Cyber risks are one of the biggest threats to the networked economy”.
This is a global economic, social and political topic that cannot be ignored. And, as always in the reinsurance sector, risk and opportunity go hand-in-hand.
Just a couple of days ago, in Monte Carlo, Munich Re added its estimations for the speed and scale of growth in the cyber insurance market. The market will more than double to $8-9bn in the next 2 years. And mushroom to $20bn by 2025, the reinsurer said.
Accenture’s Max Richter told our Monte Carlo audience that for every $1 spent by businesses on information security today, only 4 cents are spent on cyber insurance.
Impressive numbers, indeed. But there is also a justified sense of caution in the reinsurance sector.
What could inhibit growth? On a catastrophe level, cyber risks don’t look much like natural catastrophes: they don’t occur in discrete geographies, or within specified seasons.
Believe it or not, hackers aren’t as predictable as Mother Nature – Both in terms of timings and methods of perpetrating their attacks.
Silent Cyber is also a challenge…. Losses popping up in non-affirmative covers, through outdated exclusions or vague insurance triggers in non-cyber policies allowing losses to creep in.
For example, PCS is estimating losses from the 2017 NotPetya malware attack at north of $3bn. And those losses were mostly submitted to non-affirmative cyber policies…
The nature of perils is changing, with cyber becoming a peril in itself, permeating many traditional lines of business.
Insurers are cautious, too about the maturity of the cyber insurance sector and its ability to harness meaningful data to quantify and price cyber risk appropriately.
Pascal Millaire emphasized that addressing the issue of modelling catastrophes and pricing them into insurance products is key to creating a sustainable solution for insurance buyers and the carriers themselves.
Modelling frequency and severity of loss is not enough. (Re)insurers need to access new data sources and adopt new methodologies to model aggregation risk as well.
If the (re)insurance market is to provide a meaningful solution to cyber threats, it needs to act sustainably and thoughtfully. And that will require some changes to the status quo.