The Cyber Insurance Market

Author: Alexandre Palma

Due to the rise in technological development, cybercrime will be the most present threat in the life of any company. Managers will need now to have a renewed concern about the security of their company. It is very easy to bankrupt a company through cyber-attacks, especially if they are small or medium-sized companies.

(Image Source:https://dasinsure.com/cyber-insurance-101/)

Key Cybercrime Statistics 2022

  • 95% of all cybercrime and security breaches are due to human error.
  • 95% of all records breached in 2016 were from only three sectors.
  • 10% of data breaches were espionage-related and motivated, and 86% were motivated by money.
  • The FBI reported that there was a 300% increase in cybercrime reports since the COVID-19 pandemic.
  • Experts expect cybercrime damages to reach $10.5 trillion per year by 2025.
  • Global cyber security spending expectations are to reach $170.4 billion by 2022.
  • A mere 5% of all company folders are effectively protected, according to cybercrime statistics.
  • The most malicious of all malware file types that are sent through email is .exe.
  • As of May 2022, 64% of Americans have never checked their system to find out if it’s been attacked.
  • In 2020, 48% of all malicious email attachments were sent as Microsoft Office files.
(Source: https://earthweb.com/cybercrime-statistics/)

So, in response to these alarming statistics, cybersecurity insurance is a new and emerging industry. Companies that purchase cybersecurity insurance today are considered early adopters. Cybersecurity policies can change from one month to the next, given the dynamic and fluctuating nature of the associated cyber risks. Unlike well-established insurance plans, underwriters of cybersecurity insurance policies have limited data to formulate risk models to determine insurance policy coverages, rates, and premiums.

It’s clear that something needs to be done about the cadence and impact of cyberattacks. Alleviating the threat would have the most profound impact on the insurers’ ability to write more cyber. Fortunately, there have been promising developments, like the successful diplomatic efforts to have decryption keys provided without ransom payment following the Kaseya attack last summer.

A small corner of the reinsurance industry is uniquely poised to help the cyber insurance sector navigate the current threat environment: insurance-linked securities, or ILS.

Insurance-linked securities (ILS) are investment assets generally thought to have little to no correlation with the wider financial markets. Their value is linked to insurance-related, non-financial risks such as natural disasters, other insurable specialty risks, and life and health insurance risks including mortality or longevity.

As securities, some insurance-linked securities (mainly catastrophe bonds) are traded amongst investors and in the secondary market.

They allow insurance and reinsurance carriers to transfer risk to the capital markets and raise capital or capacity. They also allow life insurers to release the value in their policies by packaging them up and issuing them as asset-backed notes.

Insurance-linked securities (ILS) are typically invested in by large institutional investors such as pension funds, sovereign wealth funds, multi-asset investment firms, funds, endowments, as well as some family office investors.

At approximately $106.6 billion, according to Artemis.bm, the leading ILS sector trade publication, the sector is still small, but it could have a disproportionate impact on the cyber insurance and reinsurance market by writing what’s called retrocession, or reinsurance for reinsurers. Several decades ago, as mentioned, ILS funds provided retrocession to the property-catastrophe reinsurance market (think hurricanes and earthquakes) when the capital was in short supply, ultimately leading to the growth of both catastrophe reinsurance and ILS. Cyber insurers and reinsurers today need that same sort of help.

The industry is making progress. ILS funds have shown a salient increase in appetite for cyber risk, particularly now that protection buyer expectations on pricing have moved upward. Insurers and reinsurers have seen quoted pricing from ILS funds approach a more realistic level as well, which is the behavior necessary for the market to reach a clearing price. Once the first commoditized transaction is completed, most of my clients agree, and many more will follow.

According to the article “The Cyber ​​Insurance Market Needs More Money” written by Tom Johansmeyer, the first step in getting the ILS market into cyber will be retrocession — again, reinsurance for reinsurers. Then, that’ll leave reinsurers with more capital to help insurers. Here’s how that can get started:

  1. To engage this capital more effectively — and help it achieve the greatest impact — ILS funds need to see cyber ILS transactions that are easy to understand (and explain to their end investors).
  2. Commoditizing those easy-to-understand deals will be crucial, particularly when it comes to the importance of minimizing frictional costs.
  3. Deals that are easy to analyze and use a common language are most likely to cause the first large wave of cyber ILS activity and create a foundation for the development of an ongoing, reliable, and robust cyber retrocession market.
  4. With reinsurers able to secure retrocession, they should be able to deploy more capital to the insurers they support. This in turn will enable a return to cyber insurance market growth.