Silent cyber exposures in the U.S. property insurance market are mounting to such an extent that a new report suggests a loss of $ 12.5 billion to the industry from non-physical damage could affect carriers of goods, if a major event occurs.
One of the fears of property insurance and reinsurance underwriters is silent or hidden cyber risk, as this exposure is concentrated in business lines and often goes unmeasured.
A new report suggests that while current levels of cyber exposure in US commercial property insurance remain manageable, that exposure could impact the ratings of some of the most exposed carriers.
In fact, the study behind the report, from modeler CyberCube, rating agency AM Best, and insurance and reinsurance brokerage giant Aon, concludes that enough cyber risks are building up on the market. US property insurance market to trigger a loss of $ 12.5 billion.
At this loss amount, AM Best’s analysis suggests that it could lead to a downgrade in Best’s capital adequacy ratio (BCAR) for 18 US real estate companies.
CyberCube analyzed a sample portfolio based on the US small business property insurance industry and highlighted it in some modeled cyber loss scenarios, quantifying the potential for non-physical damage.
AM Best then used this analysis to assess the impact on the balance sheets of 579 US real estate insurers, while Aon helped quantify the risks and exposures included in non-life insurance policies and also highlighted best practices. management of these risks.
The analysis suggests that of the 579 property insurers analyzed, 12 carriers saw their BCAR drop by one level, four dropped by two levels, and two insurers each fell by three levels and four levels respectively.
While BCAR is not everything, as factors such as reinsurance, diversification and liquidity are also taken into account in assessing balance sheet strength, a significant deterioration in the assessment of BCAR can lead to a downgrade. the rating of the financial strength of an insurer.
With exposure to cybersecurity set to continue to grow rapidly, this suggests that the silent exposure to the US property insurance market will also increase rapidly.
It also ignores the potential for silent cyber attacks in residential real estate portfolios, which is also a developing threat vector and could lead to silent cyber losses in the years to come.
CyberCube further explained that its modeled loss figure of $ 12.5 billion indicates that the U.S. property insurance market is exposed to $ 9.5 billion in attritional losses and $ 3 billion in catastrophic losses, during the one in 100 year return period analyzed.
As a result, it is possible that the market is already paying attritional losses for non-affirmative cyber coverage, CyberCube said.
Sridhar Manyem, Director of Industrial Research at AM Best, commented: “While losses of $ 12.5 billion are relatively small when placed in the context of natural disasters, given that these exposures are often Whether priced or not factored into business risk management, the impact on carriers can be significant and, more importantly, unexpected.
Jon Laux, Head of Cyber Analysis at Aon, also said: “As this research shows, quantifying the potential for aggregation of cybersecurity-related losses in real estate policies is very real. As property insurers assert elements of cyber coverage in their policies, insurers are exposed to significant losses, which are not necessarily priced accordingly. With better information, industry participants will be able to make better decisions about investing cyber risks. “
Of course, the insurance industry has constantly tried to exclude silent cybers from the market, as have global reinsurance companies and the insurance-related securities (ILS) market.
But the study suggests that there is enough risk to create a potentially difficult market loss, which could revert to reinsurance or even retrocession and also have some exposure to the ILS market if it does occur.
As the cyber threat landscape continues to evolve and silent exhibits remain a priority, we expect ILS funds to continue to try to rule it out at any opportunity, as long as it remains possible to do so.
There may come a time when cyber risk is so intrinsic to broader insurance coverages, in more industries than goods, that of course it becomes much more difficult to rule out. Although we would hope that this would help stimulate a more functional cyber reinsurance and retrocession market, rather than becoming an industry specific problem.