BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Lloyd's of London wary of market aggregation of cyber risk


Lloyd's of London is taking steps to ensure it avoids a “dangerous aggregation” of insurance related to cyber risks while uncertainty remains about potential fallout should there be a catastrophic cyber attack.

Lloyd's CEO Inga Beale has spoken publicly of the market's desire to become a world leader for cyber coverage; current cyber risk capacity in London is about £280 million ($440.3 million), said Toby Clowes, a broker at Safeonline L.L.P. in London. That's at least 30% of global cyber premium volume, which Ace Ltd. estimates at $1.5 billion to $2 billion.

“Aggregation is a key issue for Lloyd's and the underwriters within the marketplace,” Mr. Clowes said.

As a result, the market's performance management directorate, which monitors syndicates' business plans, is keeping a close eye on aggregation risk that would arise if too many syndicates were hit by the same or related losses, sources say.

Aside from monitoring syndicates' underwriting, Lloyd's this year introduced a risk code for cyber security property damage and updated its risk code for cyber security data and privacy breach coverage. The codes allow the Lloyd's performance management team to monitor the business that syndicates are underwriting, among other things.

Nevertheless, “Lloyd's is concerned that without proper controls, there exists a material risk of a dangerous aggregation of exposure in the market,” it said in a statement.

“Systemic exposure is the problem,” said Dan Trueman, head of the cyber division at Novae Group P.L.C. in London, which manages Lloyd's syndicate 2007.

Aggregation is one of the big challenges facing underwriters seeking to cover cyber, said Tim Davies, war and terrorism underwriter in the political risk and crisis management division of Canopius Group Ltd. in London. So Canopius, is examining the potential interconnectivity of cyber risks, he said.

For example, if several companies in the same sector use the same information technology system or cloud, a problem could affect a whole industry segment and result in huge claims, Mr. Trueman said.

One way to mitigate this risk is for underwriters to try to ensure clients do not rely on the same IT systems, he said.

“The realization that a catastrophic breach to a large service provider may, through exposed data held on a client's behalf, create a chain reaction of potential claims as an aggregated book unravels, is becoming prevalent,” Mr. Clowes said. “In the same manner that a property insurer will manage its book geographically, the London market is spreading its exposure to avoid what could be considered a "cyber hurricane.'”

While underwriters specializing in cyber risks have a keen eye on aggregation and the interconnectedness of risk, sources say that potential effects on noncyber-specific insurance could pose a wider problem.

“The aggregation that some (underwriters) must be carrying by adding cyber to property policies” could be risky, said one broker source who asked not to be named.

In a report last week, Chicago-based Fitch Ratings Inc. said “a culmination of high claims activity — or aggregation risk — for property and casualty insurers is a rising risk as insurers increase coverage to protect against cyber threats.”

But the rating agency also said that it believes cyber underwriters at Lloyd's, among others, have managed their exposures and limits prudently.

Read Next

  • Cyber insurance claims disputes start heading to court

    Insurers are fighting having to pay for the settlement of a data breach suit or providing a defense for allegedly mishandled data in early challenges to relatively new cyber coverage, but they also raise a longtime issue: the need to negotiate the terms of an insurance contract.