MONTE CARLO, Monaco – The reinsurance market for cyber liability insurance is stable but is unlikely to grow significantly until more sophisticated underwriting tools are developed to assess the risks, reinsurance leaders say.
While the world’s largest reinsurers plan to maintain their levels of cyber reinsurance premium, they say better computer models to measure exposures are needed.
Cyber models are also needed to develop coverage triggers that could attract capital market investment in the sector, they said during presentations and meetings at the Rendez-Vous de Septembre reinsurance meeting in Monte Carlo earlier this month.
In 2021, the worldwide cyber insurance market premium was close to $10 billion and by 2025 the market should grow to more than $20 billion as the world becomes more dependent on digital processes, said Torsten Jeworrek, chair of Munich Re’s reinsurance committee.
“The demand is there. … If our industry should not have an ambition to find ways through insurance products and with services to meet this demand, then we might lose relevance,” he said.
Recent loss experience, though, has led to a reduction in insurance capacity and increased prices, with cyber liability rates in the United States, the world’s biggest cyber market, increasing about 80% since 2020, Mr. Jeworrek said.
Munich Re recorded $1.4 billion in cyber liability premium in 2021, representing about a 14% market share, he said. Its cyber underwriting performance “in all years has been very good,” he said.
SCOR SE’s cyber premium stands at about $200 million, which is a relatively small proportion of its overall $9 billion in premium, said Laurent Rousseau, CEO of the Paris-based reinsurer.
“The main reason for this lack of development has been uncertainty around what is our accumulation,” he said.
Reinsurers are unsure of probable maximum loss estimates because cyber risk is evolving so quickly, Mr. Rousseau said.
The cyber liability insurance market could be as large as the property insurance market by 2040 but it is a difficult peril to underwrite due to the lack of historical loss information, said Thierry Léger, group chief underwriting officer at Swiss Re Ltd.
“Nobody wants to share if they have been hacked, so we really find it difficult to get good data,” he said.
But over time, and as large losses occur, reinsurers will be able to develop cyber underwriting capabilities, Mr. Léger said.
Hannover Re SE has about $550 million in cyber premium volume, said Silke Sehma, a member of the reinsurer’s executive board.
“In the future, we will be able to grow slightly, but for the time being we are fine with what we have,” she said.
Demand for cyber reinsurance has grown as commercial and personal lines insurers expand their cyber premium, said David Priebe, New York-based chairman of Guy Carpenter & Co. LLC.
“One of the things we’re going to continue to work on is how we develop more capacity for cyber. One of the keys to unlocking that is having a greater understanding of modeling systemic cyber risk,” he said.
Improved modeling would also give capital markets investors more confidence in cyber risk assessment and provide more capacity via insurance-linked securities, he said.
Verisk Analytics Inc. has modeled cyber risk for about five years, said Jay Guin, Boston-based executive vice president and chief research officer, extreme event solutions, at the catastrophe modeling company.
“It’s different from nat cat because of the human element, so the models have to be updated more frequently, and we have to be more adaptive in dealing with cyber,” he said.
Verisk decided earlier this year not to invest further in cyber models until the insurance market for the exposure stabilizes, Mr. Guin said.
“Right now, the market is quite chaotic, because there are many companies that are reducing exposure or excluding the exposure, so we have taken a decision to observe for a while,” he said.
Denexus Inc. is piloting a cyber risk quantification tool for the renewable energy sector, said Jose Seara, CEO of the Sausalito, California-based cyber risk company.
The company has collected cyber risk data from a group of energy companies since 2020 and is working with insurers, reinsurers and ILS providers to build probability models, he said.
The company uses a cloud-based system, which incorporates blockchain technology, to enable the parties to securely share information on the risks, Mr. Seara said.