Captive.com logo

Captive Insurance News

The COVID-19 Pandemic: Opportunities and Implications for Captive Insurance

The COVID-19 Pandemic: Opportunities and Implications for Captive Insurance

A FREE 12-page special report from Captive.com

The COVID-19 Pandemic: Opportunities and Implications for Captive Insurance explores the challenges presented by today's business and economic upheaval, as well as the hardening insurance market, and what it means for the captive insurance industry.

Show Me My Free Report

Fitch: Cyber Risk Analysis Inhibited by Silent Cyber Risk Exposure

Cyber Criminal 480 x 377
December 17, 2019

Property and casualty (P&C) insurers are gradually gaining sophistication in measuring risk aggregations and modeling potential losses from catastrophic cyber events, but the efficacy of this analysis is inhibited by exposure to nonaffirmative or "silent" cyber risk, according to Fitch Ratings.

Many insurers now view cyber insurance as an attractive source of premium growth and profits. However, future segment performance faces considerable uncertainty given the evolving nature of cyber incidents in a constantly changing technological, legal, and regulatory environment.

Insurers face silent cyber risk when broad commercial packages or other insurance policies do not explicitly address cyber-related coverage terms or specifically exclude cyber risks. This ambiguity in coverage can lead to disputes and litigation following a cyber event when insureds seek funds from available policy limits for protection; it also poses a risk of reputational damage to insurers.

List of Insurance Coverage with Explicit or Silent Cyber Risks

Large silent cyber exposure can restrict an underwriter's ability to measure risk aggregations and correlations of exposure to cyber risk. In a wide-ranging cyber event, this could lead to large unforeseen losses and, in more extreme circumstances, could cause material reductions in capital, which could negatively pressure individual ratings.

Efforts to assess the financial impact from the most severe cyber events include a recent report from Guy Carpenter and Cyber Cube that estimates a 1 in 100 probable maximum loss for the US insurance industry of $14.6 billion. Challenges in measuring silent cyber exposures and the unique nature of cyber events add to the difficulty of creating cyber catastrophe models with similar analytical value as well established natural catastrophe models. Uncertainty lies in estimating the probability of severe events that have never taken place, such as attacks on utilities and energy infrastructure or larger ransomware or cloud service attacks. Also, risk correlations for cyber are not related to the geographic location of the insured.

Graph of US Cyber Insurance Market Share

Underwriters are increasingly aware of the potential exposures posed by silent cyber risk, but remedial actions are moving at a varying pace. Three major insurance carriers recently took public steps to address silent cyber risk that will likely shape market direction.

  • In September, AIG announced an objective for commercial policies to have affirmative cyber coverage or clear exclusions going forward.
  • Beginning in January 2020, Allianz will make clear how cyber risks are covered in traditional P&C policies and define scenarios for which a dedicated cyber insurance product is required.
  • Lloyd's of London announced that, by 2020, they will require underwriters to affirmatively state whether first-party property damage policies include or exclude cyber coverage.

Lloyd's action was influenced by the Bank of England's Prudential Regulatory Authority (PRA) 2019 move to require UK insurers to develop action plans to address silent cyber risks. The PRA noted that casualty, financial, motor, and accident and health lines have outsized silent-cyber exposure. Regulators in other jurisdictions are likely to take a more active approach toward encouraging affirmative cyber coverage going forward.

US statutory cyber direct written premiums doubled from 2015 to 2018 to $2 billion. Demand for cyber insurance coverage is expanding as policyholders' awareness of cyber threats grow with the proliferation of data breaches and more recent developments in ransomware attacks. Client take-up rates for cyber coverage increased to 38 percent in 2018 from 31 percent in 2017, according to global broker Marsh. A more active approach by insurers to write affirmative coverage or, more specifically, add sublimits or exclusions related to cyber in traditional policies would likely increase cyber take-up rates and further bolster segment premium.

Captive Insurance Company Reports
Follow Captive.com on Twitter

Twitter Feed