November 13, 2017 by Canadian Underwriter
The influence of cyber risk on insurer ratings is likely to be gradual, Fitch Ratings has reported.
Cyber insurance represents a relatively small percentage of insurers’ business and insurers are taking a cautious approach to growing coverage, given the uncertainty about cyber claims potential and how to price claims, the ratings firm said in a press release on Monday.
Cyber business has so far been profitable for early market entrants and it is an opportunity for business growth and diversification, as organizations become more aware of the need for cyber insurance. Cyber risk is rising with the proliferation of connected devices and the large amounts of personal data held by organizations, Fitch said in the release, adding that regulation will also drive demand for cyber insurance, particularly in the financial services sector.
As the cyber insurance market develops, competition is likely to erode profit margins and there is a risk of new entrants with limited underwriting experience, underpricing cyber risk, or accumulating large concentrations of cyber exposure relative to the overall business and capital. Events that could give rise to large claims include cyberattacks on electronic grids or transportation systems, large cloud intrusions and mass “denial of service” attacks. Cyber insurance buyers attending Fitch’s conference on cyber insurance last week in New York – which heard from underwriters, buyers, brokers and Fitch analysts – also cited exposure to vendor systems as an area of particular concern, the firm noted.
Cyber exposure could generate material losses for some insurers, given the possibility of unpredictable extreme events and the risk from “silent” cyber exposure that insurers may not have recognized within traditional commercial insurance products. Silent cyber exposure means insurers not actively writing standalone cyber insurance may still be exposed to cyber losses, Fitch explained. Brokers attending last week’s conference highlighted the potential for disputes and litigation over claims where coverage may be unclear. Insurers are gradually introducing specific cyber policy language, sub-limits and exclusions to contracts to limit silent exposure, Fitch noted.
In September, Willis Re reported that half of polled insurance industry practitioners saw the risk of “silent cyber” as growing over the coming year. The Silent cyber risk outlook poll consisted of a sample of nearly 750 participants: “leaders and experts at more than 70 insurance companies and groups around the world as well as within Willis Towers Watson,” Willis Re said at the time. The focus of the survey was four lines of business: first-party property, third-party auto liability, third-party other liability and workers’ compensation.
According to Willis Re, examples of silent cyber exposure could include a cyberattack on an industrial plant’s control system that causes a boiler explosion, leading to extensive property damage and business interruption, or malware causing an elevator to fail, resulting in multiple casualties. “While a policy pay-out will depend on the specifics of individual wordings and occurrences, such examples illustrate how silent cyber events can push up loss ratios on policies not specifically mentioned to cover cyber risk,” Willis Re said at the time.
Fitch Ratings said that it expects the cyber insurance business to be “ratings neutral for most highly-rated insurers with sound underwriting,” particularly as it represents a relatively small part of overall risk exposure. Aggressive growth in cyber – or a high portfolio concentration – would be credit negative, as underwriting, pricing and reserving uncertainties would outweigh the potential earnings growth benefits, the ratings firm added.
Controlled growth, as part of a diversified portfolio, coupled with continually enhanced underwriting standards, would generally be credit neutral, Fitch concluded.