Is it time for a new approach to systemic cyber?

By Jason Contant | November 10, 2023 | Last updated on October 30, 2024
2 min read
Global cyberattack
iStock.com/WhataWin

Systemic cyber risk needs to be tackled with more capacity and ways of dealing with the attritional cyber market, Marc Lipman, president and attorney-in-fact at Lloyd’s Canada, suggested during an industry event last month.

“Just like there developed a traditional, attritional property market and a separate Cat property market, we need to develop the same sort of bifurcation for cyber in order to properly price the attritional cyber market and encourage sufficient, reliable capacity,” Lipman said during Insurance Bureau of Canada’s Commercial Insurance Symposium in Toronto.

“Carriers can then sell as a standalone product, with a separate pricing structure, supplemental coverage addressing the risks associated with a systemic cyber event like a state-backed cyberattack,” Lipman said during the panel discussion, Commercial Insurance Market — What’s on the horizon.

He was responding to an audience question from moderator Surender Sekhon, senior vice president of commercial lines at Desjardins Insurance. Sekhon asked how the industry should think about systemic cyber risk, or a single event that triggers widespread failures.

She pointed to a recently released Lloyd’s report that found a global systemic cyberattack could cost economic losses of $3.5 trillion. The “hypothetical but plausible cyberattack on a major financial services payments system” would cost $3.5 trillion in economic losses over five years; about $1.27 trillion in North America (mostly U.S.), Lloyd’s reported.

Lipman said the nascent cyber industry is still new, continuing to evolve, and needs more capacity globally. “And the only way that capacity will flow is to actually be able to address the needs of all the customers, whether they know it yet or not… [and] for the cyber marketplace to become much more predictable, much more stable.”

The cyber insurance market also needs more capital, a speaker said during another industry event in early October in Toronto — AM Best’s Canada Insurance Market Briefing.

“The conversation has shifted from, ‘Will cyber become a major product, in line with property and casualty in the world?’ to ‘Who’s going to contribute to this class of business and hopefully benefit from the expected growth that we’re forecasting?’” said Matthew Mann, vice president at Gallagher Re.

In the future, cyber will play a bigger role, another executive said during IBC’s commercial insurance symposium last month. “We as an industry must be better in embracing it,” said Claus-Ulrich Kroll, president and CEO of Munich Reinsurance Company of Canada and Temple Insurance Company.

Kroll estimated global cyber insurance premiums, at about $12 billion now, to increase to $27 billion in three years. “It’s only going to be done if we have more transparency on specific risks, that we manage accumulation.”

But with an estimated global cyber insurance protection gap of between $900 billion and $1 trillion, it’s clear the industry needs to look at cyber risk differently — whether it’s through new supplemental coverage or exclusions.

“There are some risks that are just not insurable on cyber… some risks are not mature,” Kroll said.

 

Feature image by iStock.com/WhataWin

Jason Contant