Canadian Underwriter

Is it time for a public-private partnership for cyber risk?

October 18, 2021   by Jason Contant

Print this page Share

There will be a point at which a cyber tail event will be too expensive for the insurance industry, as a whole, to cover, a speaker said Thursday during the CatIQ Connect virtual conference.

“That’s where we are already starting to think about, ‘Okay, what happens in this instance?’” said Dr. Rachel Anne Carter, director of cyber with the Geneva Association. “We would be remiss as an industry to ignore the potential for some tail risks arising from some cyber events, but I also think it’s essential that we’re realistic before we rush to conclusions about insurability, about whether cyber is in trouble or not.”

As the carriers of risk, it’s essential that the industry takes as much of the risk as possible, but does so in a sustainable matter. “Where it’s not possible for carriers, insurers and/or reinsurers both at an individual level and at an industry level to do so, it then may, for example, be necessary to look at other options,” Carter said. “So that, for example, may involve public-private partnerships. The structure and format of those for the various risks will depend on which jurisdiction… such a public-private partnership would exist and again that continued collaboration.”

The good news is that a number of carriers have themselves analyzed and assessed the potential for tail risks in their own portfolios, Carter said during the panel, Tail Risks Arising from Our Interconnected World. There have also been collaborative efforts within the industry where there’s been a “very distinct effort to try and work out exactly what the tail risk looks like, both in terms of the quantum, [and] in terms of the frequency as well. And with that in mind to then assess, okay, to what extent can each individual carrier absorb commercial risk, risk within both their commercial and risk appetites, but also do so in a sustainable way.”

Dr. Rachel Anne Carter, director of cyber with the Geneva Association (bottom screen), speaking at the CatIQ Connect conference.

The industry also needs to assess, calibrate and optimize its products and processes to continue to assess and work out what is the tail risk and how likely is that to occur, Carter said.

Moderator Dr. Jordan Brennan, chief economist and vice president of policy development at Insurance Bureau of Canada, asked Carter if she had seen anything that she thought was “particularly suitable or promising” as a public-private partnership for cyber risk specifically. He noted that there have been public-private partnerships for natural catastrophes, such as for flooding with Flood Re in the United Kingdom.

Carter noted that the Geneva Association doesn’t have a position and/or a recommendation for a particular partnership per se. However, she noted there are a number of examples of coverage in the terrorism and cyber terrorism space that could potentially be used as a model.

For example, while there is some commercial coverage for cyber terrorism and some coverage in pools, “the challenge which we had is there’s an increasing number of events that incorporate state actors,” Carter said.

“It is likely that if we have cyber terrorism and/or more extreme events that we will ultimately have to have a public-private partnership of some format,” she said. “Although it would be desirable to have something at an international level to reflect the fact that cyber is a holistic event that can affect not just one company, sector and/or jurisdiction, ultimately, however, it’s more likely that if we do get something to come into place that a public-private partnership will exist only at the level of a particular jurisdiction.”


Feature image by

Print this page Share



Have your say:

Your email address will not be published. Required fields are marked *