Lead Forensics
New VOI Podcast

Podcasts

Cyber cat: Confidence building in an emerging risk class

26.07.24 AdvantageGo

In the latest episode of the Voice of Insurance podcast featured Ryan Mather, CEO of Ariel Re, a market pioneer in cyber catastrophe reinsurance at Lloyd’s. The episode aired just after the CrowdStrike outage put cyber in the headlines.

Among reinsurers, Ariel Re is at the forefront of innovative and emerging risk classes, and nowhere is this more relevant than in its embrace of underwriting cyber catastrophe risk, something that sends some reinsurance CEOs running for the hills. Instead, the company has sought to find the opportunity in this area of emerging risk, while many in the market are playing catchup.

Cyber cat is of course a topic in the headlines with the recent global outage incident involving CrowdStrike, an endpoint detection and response (EDR) provider. On Friday 19 July, a single ‘channel’ file update was deployed for users of CrowdStrike’s Falcon Sensor product.

Microsoft system users were met with a so-called ‘Blue Screen of Death’ that paralysed thousands of businesses on a global scale – aviation, financial services, healthcare, logistics, technology and media among the sectors most affected.

The event has brought the reality of the cybersecurity landscape into sharp focus, for the global business community and cyber (re)insurance industry, which will take some time to work out the size of the incoming claims bill. However, the event made Mather’s conversation with host Mark Geoghegan (recorded days before) about as topical as can be.

Mark pointed out that there has previously been concern that reinsurers’ underwriting appetite and resultant capacity availability would not keep pace with demand for cyber risk transfer among the primary market, which has been underwriting steadily more cyber business each year, with reinsurers potentially putting the brakes on that growth.

However, this conversation has since evolved, Mark suggested. From a reinsurance perspective, supply is exceeding demand for cyber risk “for the first time in a long time”, Mather noted, with clients buying less of the traditional proportional products reinsurers have offered.

“The orders are shrinking from 50 or 60% down to 30 or 40%, so the reinsurers are having to figure out what else to do,” Mather said. “The next products are aggregate stop loss, which is what we’ve been doing, and then we’re pushing the occurrence cat type line of business.”

Cyber reinsurance buyers have so far slow to buy these cyber cat products, which like much property cat business, work on a per occurrence basis.

“We’re selling more, but it’s still slow,” Mather said. “People are still trying to understand the product, more and more. There’s an educational process attached to it, but we’re very optimistic that it’s going to come good in the end.”

Ambivalence among buyers is in part because there is still little clarity about how big a cyber cat event – such as CrowdStrike – might turn out to be, something that Mather acknowledged.

“Not everyone’s entirely comfortable, as you can imagine. If you’re a [reinsurance] buyer, then the board [of your company] asks you what protection you have, if you can’t articulate it very clearly to the board, that’s existential to your job, so you’re probably not going to go down that route,” he said.

“The original carriers are getting more used to the loss ratios they’re generating as well, because there was a lot of fear, post Covid, and post ransomware, that we didn’t understand the product quite as well as we should have done. I think people are getting more confident about that now,” Mather added.

Pricing cyber appropriately has never been simple, given the need to understand more about this emerging, evolving type of risk. The cyber pricing cycle is to a degree “going through its own life cycle”, as it saw rate rises before other lines, Mather explained.

“Prices went up hundreds of percent post Covid, there were a lot of ransomware claims, etc, and it turned into a super-attractive line of business for everybody in the whole value chain,” he said.

 Since then, cyber business has been going through a period of price softening.

“For cyber, on the quota share side, the direct prices are coming off all of a sudden, because they went up so high in the previous two or three years. We’re not surprised to expect a bit of competition, and that’s exactly what’s happened,” Mather said.

A big part of the equation is the evolution of cyber risk modelling, something that will always face more hurdles than tangible business, such as property cat, due to fast-changing technology and a closely related appetite for relevant historical data. Cyber cat models are maturing, Mather suggested.

“People are getting more confident in the product, more confident in the way that cyber will behave in an extreme set of circumstances. I think the modelling is becoming more sophisticated. I don’t think it’s quite there yet,” Mather added.

Latest Insights

DISCOVER HOW ADVANTAGEGO
CAN AUTOMATE PROCESSES AND REDUCE COSTS