Insurers could lose up to 119% of policyholder’s surplus on cyber risks
A new collaborative report by A.M. Best and Guidewire Software has estimated that three of the top 20 cyber insurers could generate significant gross losses to policyholder surplus of between 15 percent to 119 percent, from a single cyber catastrophe event occurring in 2022, according to reinsurance news.
A.M. Best and Guidewire’s Cyence Risk Analytics team extrapolated and modelled current cyber insurance market trends to 2022 in order to test and estimate the impact of future cyber-attacks on the industry’s capitalisation and ratings.
This involved creating five typical policy profiles, each with specific attributes such as policy limits and line of business minimums, and applying Guidewire’s data listening application to the cyber portfolios of the top 20 insurance carriers to model their gross loss potential.
Two scenarios described in a Lloyd’s 2017 emerging risk report were used for the stress test: one in which numerous cloud-based customer servers fail and cause widespread service and business interruption, and one in which a common software application is compromised and exploited on a global scale.
Additionally, an assessment against both events occurring over a 12-month period found that at the 1-in-200 event level, five companies incurred gross losses ranging from 11% to 233% of their estimated 2022 policyholder surplus.
Although the severity of loss potential was identified, A.M. Best noted that most carriers’ gross losses were manageable, and added that projections under the 1-in-50 and 1-in-200 scenarios did not consider ceded reinsurance arrangements that the companies may have.
However, the report also did not take into consideration the silent cyber exposure of these companies, which A.M. Best warned could also potentially be significant.
“For the majority of these companies, even the gross losses do not come close to the natural catastrophe probable maximum loss estimates used for stressing the balance sheet strength of the companies,” said Fred Eslami, an associate director at A.M. Best.
“However, under these circumstances, a handful of companies could lose a significant amount of surplus, which potentially could create ratings pressure or even trigger a downgrade.”
Sridhar Manyem, director of Industry Research and Analytics, also commented: “Cyber risk inherently will span multiple functional skill domains, requiring expertise from claims, underwriting, actuarial and enterprise risk management, and making the process truly a team effort across an insurer. Addressing the talent gap will be a critical aspect of risk management.”
A.M. Best said that its report aims to provide an evaluation of risk mitigation strategies for the fast-growing cyber insurance sector, such as selective underwriting, reinsurance, establishing risk preferences and risk pricing.
“It’s clear cyber is a major growth opportunity for the P&C insurance industry, but it’s also challenging,” said George Ng, chief data officer at Guidewire. “Advanced analytics and risk modeling are imperative for effective underwriting, pricing, and accumulation to ultimately drive a sustainable cyber insurance marketplace.”