8 February 2024Risk Management

Cyber risk sector needs more reinsurance capacity

The cyber risk market still needs more reinsurance capacity as demand for cyber insurance products has tripled in just four years.

That was the view of Antony Cordonnier, managing director and global co-head of cyber at Guy Carpenter, who was speaking at the Intelligent Insurer Cyber Risk & Insurance Innovation Europe today.

Cordonnier said global premium had grown from $5 billion in 2019 to an estimated $15.5 billion in 2023 while reinsurance limits had only doubled.

He said the slower increase in reinsurance capacity was due to a lack of supply caused in part by a lack of reliable data, although he also noted that the level of reinsurance for cyber was comparatively high at 45%, down from 55% in a smaller market in 2019.

He said traditional sources of reinsurance had been supportive but he thought there was more room to grow through third party capital and insurance-linked securities.

Cordonnier told the 200 delegates that growth in the market had been “seismic” as economies became more digitised, regulatory requirements for cyber risk protection grew and clients were more sophisticated in their expectations as well, he said.

In addition, the variety of insurance products had become more varied while loss experiences was also increased demand.

Cordonnier said ransomware attacks continued to dominate claims, making up 60%,  and were increasing in frequency and severity.  

He said Guy Carpenter expected premiums were expected to be flat in 2023 after ten consecutive quarters of growth.

This was due in part because of a more benign risk environment and because there were new entrants to the market, which was making it more competitive.  

The US market continues to be the most advanced and is also where premium growth is most closely correlated to GDP growth - a  sign that the market is relatively mature and penetration of the market is limited.

But he said other regions had room to grow.

Coverage also varies in different industries, said Cordonnier. He said services represented 20% of the overall  market but just 10% of the excess market, showing there was room for further penetration.

A key problem in securing reinsurance was a lack of data, he added. But he said the number of claims whose cause was classified as “unknown” was declining as the quality of reporting improved.

He also said there was a misconception that “tail losses” or catastrophic losses incurred by large companies posed a greater risk for carriers.

While laree companies contributed 60-65% of tail losses, when they were broken down per dollar of premium, there was little difference between large companies and small and medium enterprises.

He also noted that while catastrophe modelling for hurricanes and severe convective storms was generally accurate, there was more divergence with cyber models – but not as much as there was for earthquakes, for which there has been centuries of data, compared to decades for cyber.    

Earlier at the conference, Robin Smith, chief information security officer at car maker Aston Martin, said the company was using generative artificial intelligence to assist its cyber strategy.

He said the luxury brand was rolling out an autonomic system using AI which enabled the company to work at “machine speed”.

“We need machines to meet the new models which the hackers are using – these are machine speed attacks,” he said.

He said one of Aston Martin’s ambitions was to develop “a precognition about attacks and disruption” which would enable the company to detect signals which suggested an attack was looming while also recognising what was disinformation.

“We need to build critical thinking across the system,” he said, adding this was part of the company’s cyber strategy and training to build resilience.

Did you get value from this story?  Sign up to our free daily newsletters and get stories like this sent straight to your inbox.