Cyber potential is huge if exposures can be modelled

Cyber risk can come with many complex exposures and, as such, can be a difficult risk to underwrite. But its growth potential for the market is huge if the exposures can be understood and correct risk modelling developed and used, Yörn Tatge, managing director and senior vice president at AIR Worldwide, told Baden-Baden Today.

Cyber is a big concern and a topic at the forefront of people’s minds, according to Tatge. Some risk models have been developed that cover certain scenarios including AIR Worldwide’s deterministic model which examines cyber data theft, vulnerable or unsupported software, accidental cyber data loss, denial-of-service attacks, cloud service provider failures, domain name system failures and cyber extortion.

Tatge is also confident that a new probabilistic cyber risk model, which AIR is due to launch in 2018, will help re/insurers manage the accumulation of cyber risk as well as assess and evaluate the risk of individual contracts.

“There is a lot of market potential to write cyber business. There are not that many standalone cyber policies out there at the moment, but many companies do have potential risk from cyber in their books thanks to other contracts,” he said.

Anke Sielker, the manager of business development at AIR Worldwide, explained the logistics of the new model AIR is developing.

“At the beginning of the year we issued data standards to start allowing our clients to get an idea of their exposure and what they need to be able to analyse the risk,” Sielker said.

AIR has minimal requirements for companies converting to its data standard but this, in turn, allows it to assess different cyber scenarios that can be modelled deterministically.

The data standard, once implemented into a company’s risk management process, allows it to begin modelling its cyber risk immediately, according to Sielker.

The probabilistic model will include any type of potential cyber risks currently seen as being insured in the market. It will start off with standard breaches, such as cloud and payment processes, and eventually move to include other sorts of liability, and physical damage.