Printed from BusinessInsurance.com

Securitization likely cyber risk’s future: Experts

Posted On: May. 6, 2021 10:01 AM CST

cyber risk

The cyber insurance market may move toward securitization of cyber risk, although it will take several years for that market to develop, insurance executives say.

“I think we’ll be able to isolate some tail events that we’ll be able to securitize for some of our larger clients,” said Andy Marcell, New York-based CEO of Aon PLC unit Aon Reinsurance Solutions.  That will happen because it is not correlated with other risks, he said.

Mr. Marcell was among speakers in a CEO session Wednesday during the Minneapolis-based Professional Liability Underwriting Society’s 2012 cyber symposium, which was held virtually.

There are some coverages that can be isolated to create “discrete, bespoke coverages,” Mr. Marcell said.  “If we do our jobs correctly on the retail side, the demand for the coverage will increase” and create the additional capacity needed, he said.

He said insurance and reinsurance brokers have to be able to provide some underlying data with regard to outcomes against a set of deterministic scenarios. “I think we will get there as an industry, hopefully,” he said.

Referring to his company’s acquisition of a business that specializes in insurance-linked securities, Richard R. Whitt, co-CEO  of Markel Corp., said, “We get inquiries from investors all the time.” 

Pointing to those in the capital markets, he said, “these are smart people” who need to achieve a certain return and will want to know there is the expertise available to manage that risk and data available to back it up.

“It is absolutely imperative” that over time cyber insurance-linked securities come into the market, because cyber risk cannot all sit on insurance companies, Mr. Whitt said. “It’s an existential risk” that has to be further spread out into the broader financial markets, he said.

“It’s going to take some time” to prove this, but there is a need for insurance-linked securities to help with the solution, he said.

Mr. Marcell also said, “It’s possible to see a scenario where corporate entities, particularly in the United States,” will be able to not only buy cyber insurance but go directly to the capital markets and buy some form of securitized bonds.

Kenneth Brandt, president and CEO of New York-based Transatlantic Holdings Inc., said it may take more than 10 years for this approach to develop and that in the meantime public-private partnerships “might be a good transition.”

Andrew Barrengos, chairman and CEO of Woodruff Sawyer & Co., said there have been two fundamental changes that have occurred in the cyber insurance market. 

One is in terms of the scope and breadth of coverage and the other is that coverage has moved from being discretionary to something that is not only common but viewed as essential with the exponential increase in the risk profile of organizations.

Mr. Whitt said the cyber market has evolved in a way similar to the employment practices liability and environmental markets, which also migrated from being discretionary to “pretty standard” coverage.

As a result of the education that has occurred over the past 20 years, it is “hard to imagine a Fortune 500 company not having cyber coverage at this point,” he said.

Mr. Marcell said that while the scope of coverage has changed dramatically, the majority of cyber-related economic losses are not insured in the U.S., and the penetration of coverage generally “falls away pretty rapidly” outside the U.S.

Mr. Brandt said two things drive purchases: compulsion, which is the case with regulation, and loss. “There has not been a big systemic event,” he said.

Mr. Marcell said the “two great fears” in the cyber marketplace are runaway frequency and “some giant systemic loss” stemming from a single entity’s failure that affects the entire industry.

The PLUS session was moderated by Pascal Millaire, CEO of San Francisco-based CyberCube Inc., a cyber risk analytics company.