July 31, 2015 by Canadian Underwriter
Risk management and shared learning must be rapidly grown and deployed, in essence, by forming a public/private catastrophe reinsurance scheme to address the growing cyber threat, suggests a new report out of the United Kingdom.
A new Long Finance research report, Promoting U.K. Cyber Prosperity: Public Private Cyber Catastrophe Reinsurance, was prepared by Z/Yen Group Limited and co-sponsored by APM Group. The research involved 80 interviews and two events with professionals working in insurance and reinsurance, as well as government, academia and civil society, notes a statement from Long Finance.
Analyzing the nature and evidence of cyber risks, with a focus on cyber catastrophe event, the report recommends forming a public/private catastrophe reinsurance scheme. This would support U.K. cyber prosperity, add clarity and certainty in the insurance market, and encourage take-up by businesses.
“If society wishes to bring insurance to bear on helping to manage cyber risk, then cyber catastrophe reinsurance needs to be available for property damage, business interruption and third-party liabilities in order to remove blockages to rapid take-up of cyber insurance by business,” the statement argues.
“The scheme would provide cover to a group of insurers above a catastrophic loss threshold, in effect, a pool funded by the insurance industry,” it notes. “The U.K. government’s role would be one of promotion and (possibly) a last-resort insurer only in the event that industry retentions and the scheme’s reserves have been exhausted.”
The report’s key recommendations include the following:
• the scheme should provide more standardized wordings linking cyber catastrophe to the policies members write, and more standardized data collection for analytical purposes;
• insurance regulators should strongly encourage membership by insurers providing cyber cover;
• members should jointly seek reinsurance for a cyber catastrophe, including consideration of cyber catastrophe-linked securities; and
• government should facilitate, but not underwrite, the scheme’s reinsurance (government oversight could help the issuance of cyber catastrophe-linked bonds).
“The issue of cyber security is fast moving towards a high-stakes game for everyone, so it is entirely appropriate that we take robust steps towards putting the U.K. on a secure cyber footing,” Richard Pharro, CEO at APM Group, says in the Long Finance statement. “It is with everyone’s prosperity and safety in mind that a public private reinsurance scheme be considered to add certainty to U.K. plc cyber resilience,” Pharro notes.
“Traditional enforcement methods have limited impact in this area and better standards for information security endorsed through comprehensive insurance models are an important means of creating a safer world for our communities,” Commissioner Adrian Leppard, the U.K. national policing lead for fraud and cyber, suggests of cyber risks.
Adds Professor Michael Mainelli, executive chairman of Z/Yen and report co-author, “To increase the threat of learning about cyber risk, society needs to increase the rate of cyber cover. A public private cyber reinsurance scheme should be measured on how rapidly it helps us learn how to deal with the cyber threats to our economic prosperity.”
Cyber risk is “big because the information and telecommunications revolution of the past half-century means that computers are now used for practically everything,” Stephen Catlin, executive deputy chairman of XL Catlin, notes in the report’s forward. “As we move to the fabled ‘Internet of Things’ – i.e. everyday objects sending, receiving, and processing data autonomously – the systemic risk grows exponentially,” Catlin notes.
“Our regulators expect us, quite rightly, to manage our balance sheets. However, our balance sheets are not large enough to pay for a true cyber-catastrophe. This is where a fresh approach to reinsurance will help insurers enter the market more rapidly and usefully,” he adds.