Despite its complexities, insurers and companies can get to grips with cyber risk, Swiss Re sigma says

01 March 2017, Zurich

Cyber risk is a growing concern for businesses, with recent attacks demonstrating that the costs of a cyber breach can escalate well beyond managing the fallout of lost or corrupted data. Swiss Re's latest sigma report "Cyber: getting to grips with a complex risk", says businesses need to do much more to integrate cyber security into their risk management programmes. Initiatives to boost cyber resilience are underway.

A dedicated cyber insurance market is developing rapidly, but so far the scope of cover is modest relative to potential exposure. Product and process innovation and also advanced analytics will help foster improved cyber insurance solutions and extend both the boundaries of insurability and reach of cover. Ultimately, some cyber risks, especially those related to extreme catastrophic loss events, may be uninsurable. For such risks, there may be a case for a government-sponsored back-stop.

Recent high-profile cyber-attacks increasingly demonstrate that the costs of a cyber security breach extend beyond managing the fallout of lost or corrupted data. Firms must now factor in the potential damage to their reputation, physical and intellectual property, and also disruption to business operations. The increasing scope and magnitude of potential costs associated with cyber-incidents reflect the ever-evolving cyber risk landscape, which in turn is being shaped by three main dynamics:

- the growing speed and scope of digital transformation;

- the widening sources of vulnerability from hyper-connectivity, with the rapid spread of, for example, internet-enabled devices and cloud computing;

- and the growing sophistication of hackers alert to the potential economic gains from successful cyber-attacks.

Despite increased awareness of the dangers, firms are generally ill-prepared to cope with cyber risks. Relatively few firms have integrated cyber security into their mainstream risk management. Regulation could be a catalyst for change with legislation coming into force in many jurisdictions requiring firms to build enhanced data protection safeguards. As a result, "firms - large and small - need to invest more in cyber security architecture to develop robust pre-and post-loss risk management capabilities," says Swiss Re Chief Economist Kurt Karl.

Managing a complex risk

Many firms are looking to transfer cyber risks to third parties better-placed to absorb them. "A dedicated cyber insurance market is developing, and an increasing number of insurers are looking to write more business in this specialty line," Kurt Karl continues. Dedicated cyber insurance typically provides core protection against data and network security breaches and associated losses, with capacity limits in the market today ranging from around USD 5 million to USD 100 million. However, some significant cyber-related risks remain largely uninsured and the scale of existing cover is modest relative to companies' overall potential exposures.

A key constraint on the development of insurance solutions is linked to the intrinsic nature of cyber risks. They are complex and difficult to quantify, especially given the fast-changing technological environment and lack of historical cyber-related claims data from which to extrapolate information about possible future losses. Insurers and risk analytics vendors are experimenting with different approaches to cyber risk modelling, including deterministic scenario analyses and probabilistic models, in an attempt to estimate the potential losses of cyber events. The experience of other perils, such as natural catastrophes, offers hope that models will continually improve as understanding of the fundamental risk drivers develops and more data about cyber losses becomes available.

Product and process innovation

In the meantime, product and process innovation in insurance and other risk transfer mechanisms will play an important role in upgrading cyber risk management capabilities. A crucial factor influencing the pace of innovation will be the capture and analysis of relevant data and threat intelligence needed to underwrite cyber risks accurately. There are ongoing industry developments to upgrade information collection and dissemination.

For example, various risk analytics vendors have built data schema that provide firms with a standardised approach to identify, quantify and report cyber exposure to insurers. Similarly, the CRO Forum is promoting a common language and framework for firms to capture salient information about cyber incidents and vulnerabilities.

For their part, insurers are looking to develop less complex and more flexible insurance products. These include covers that can be tailored to small and medium-sized businesses, which have hitherto been underserved by insurance and are often less well placed to cope with cyber risks than larger firms. Further, some re/insurers are seeking partnerships with cyber security firms and data analytics vendors to fill knowledge gaps and scale up/provide additional services to their clients. More generally, advanced analytics can augment re/insurers traditional underwriting tools, and help them respond quickly to fast-changing underlying risk factors.



Another way to increase overall loss-absorbing capacity for cyber risk is by developing investment vehicles that enable capital market investors to take some of the exposures. There are currently some initiatives to develop insurance-linked securities (ILS) that cover operational-type risks like cyber. The ILS market for cyber risks remains nascent but could possibly grow.

Supporting role for governments


To expand the boundaries of insurability, companies will need to work with their insurers to create a sustainable market. Ultimately, however, the potential scale of losses from some cyber events could be too great for the private re/insurance sector to absorb, especially peak-loss events such as widespread disruption to critical infrastructure or networks which could lead to significant accumulated losses. For such risks, there may be a case for a government-sponsored back-stop (i.e., a re/insurer of last resort), something akin to the state support for protection against catastrophic terrorism risks.

More broadly governments have an important role in promoting cyber resilience, including measures to improve cyber information capture and diffusion, and setting laws and regulations about how cyberspace is used and protected. By reshaping incentives and increasing awareness of cyber threats, governments can further nudge the private sector into developing improved market-led solutions.

This sigma is the first to be published under the "Swiss Re Institute" banner. The Swiss Re Institute formally launches on 1 March 2017 with a mandate to build on Swiss Re's position as the thought leader in the industry, bringing together the firm's various high-quality research and outreach capabilities under one roof. The Swiss Re Institute will produce Swiss Re's research reports including sigma, the insurance industry's leading research publication.

English, German, Spanish and French full versions of the latest sigma report are available here.

Related articles

photodune-3834701-laughing-girl-xs

Online insurance in Europe reached more than 100 billion EUR in 2016

Online and direct channels are the fastest growing business models in both life and non-life insurance industry in Europe. The market share of the online/direct channel business was, in 2015, 8.2% of the total business, while the total gross written premiums of this channel throughout all Europe reached 99.3 billion EUR.

2017-11-16
photodune-3834701-laughing-girl-xs

S&P Global: Polish motor insurers face a decade of uncertainty due to retrospective bereavement damages claims

Over 12 months, average prices for Poland's mandatory motor third-party liability (MTPL) insurance have shot up by about 47%. S&P Global Ratings attributes part of this spike in policy prices to the rising cost of bodily injury compensation claims in Poland over recent yearsPolish motor insurers have also seen fierce competition and inflation in spare parts claims, reads a study recently published by S&P Global. Courtesy to S&P's, XPRIMM readers are exclusively offered access to the study's findings.

2017-11-02
photodune-3834701-laughing-girl-xs

New insurance solutions to cover evolving exposures that businesses face

The global commercial insurance market was worth about USD 720 billion in premiums in 2016. The 10 largest markets mirror the world's biggest economies, and account for 73% of global commercial premiums. They include the leading industrialised countries of the G7 group, China, Australia and South Korea. The latest sigma study "Commercial insurance: innovation to expand the scope of insurability" is about the innovative risk transfer solutions available to cover the ever-evolving range of exposures that companies face.

2017-10-12
photodune-3834701-laughing-girl-xs

Bridging the protection gap in Eastern Europe

For some families living in the former industrial regions of Eastern European countries, the social welfare payments offered by the Government are the most expected moment, each and every month. They are most helpful as a survival tool but, at the same time, combined with insufficient or even sometimes inexistent state-driven programs for tackling these issues, are considered by experts as a factor against actual change in both mentalities and lives.

2017-09-21
photodune-3834701-laughing-girl-xs

What is happening with the Romanian private pensions' Second Pillar?

The future of the mandatory Second Pillar pensions is among the most disputed subjects, in the last period. After the rumors saying they'll be nationalized, the last discussions show that the participants' contribution will be reduced possibly to 1% from the current 5.1%, which will have a significant impact over the future pensions.

2017-08-31

ON THE MOVE

TOP EVENT

photodune-3834701-laughing-girl-xs

"IIF2017 - Insurance in the DIGITAL World" Conference took place in Vienna

"IIF2017 - Insurance in the DIGITAL World" conference brought together in Vienna well-known insurance professionals from all over the world who analyzed the latest digital trends in the industry, taking into account the fast digitalization of the financial services providers' world, in particular in the insurance field, which is creating both huge opportunities and strong challenges for the players.

14.11.2017

photodune-3834701-laughing-girl-xs

Croatian Insurance Days Live

On 9 November has started in Opatija, Croatia, the 2017 edition of the Croatian Insurance Days Conference, the traditional meeting of the Croatian insurance top professionals with their European peers. XPRIMM Publications are supporting the event as Media Partners.

09.11.2017

photodune-3834701-laughing-girl-xs

The 2017 Baden Baden Meeting: Short recap

The Baden-Baden meeting, one of the key events in the reinsurance calendar, has just set the final point of this year's edition. XPRIMM Publications have reported from the meeting's premises. Let's recap!

26.10.2017

Baden Baden Headlines 3: CEE insurance markets are attractive for reinsurers

Central and Eastern Europe insurance markets are an important source of business for Lloyds, total premium income from this region increasing by EUR 64 million since 2010, pointed out the Lloyd's representative in a seminar dedicated to CEE insurance markets: "We are seeing strong growth from Czech Rep, Poland, Slovakia and Ukraine. At the same time are some contractions from Russia, Bulgaria, Romania and Hungary due to challenging trading conditions as political implications and other sanctions".

25.10.2017

Baden Baden Headlines 2: cyber insurance market set to grow under regulatory presure; nat cat events more frequent, but losses per event are decreasing

Asian insurance market, especially the Indian market - are considered to be "the new El-Dorado" of the global re/insurance market, with rapidly expanding markets and an dynamic environment: "Indian P&C re/insurance markets are expected to grow at a pace of 15% per annum", according  to Victor PEIGNET, CEO, Global P&C, SCOR SE. The French -based reinsurer setted-up its Indian branch in 2016, after the authorisation from the local market authority - IRDAI. India's re/insurance market has become more attractive for global companies following the relaxation of regulatory requirements, and lately, "big names" in the industry entered the market by opening branches: GEN Re, SCOR, Lloyd's of London, MUNICH Re, SWISS Re, Reinsurance Group of America (RGA), HANNOVER Re, XL Catlin and others.

24.10.2017

BB Headlines: Rates are settled to increase following Q3 events

The main effect after the Q3 nat cat bill of over USD 100 billion: Global reinsures said - the "discounts and reductions in tariffs era" especially in European reinsurance market for the January 2018 renewals, will come to end. At the same time, some reinsurers might disappear and there are likely to be more mergers, acquisitions and run-offs processes.

23.10.2017

photodune-3834701-laughing-girl-xs

Baden-Baden Reinsurance Symposium: the industry-wide impact of disruption

"In our business we are more than used to disruptions [...] But the pace of disruption has been amplified by new sources of data and by the increase in the power to collate this data", James NASH, the President, International of GUY Carpenter stated during his opening address at the Reinsurance Symposium in Baden-Baden on 22 October.

23.10.2017

See all