All insurers should be wary of cyber risk aggregation, says rating agency
Cyber attacks could pose a “substantial threat” to insurers, according to AM Best.
In a recent special report on cyber security issues, the ratings agency said that it still considers natural catastrophe losses to be the main threat to the financial strength and credit quality of non-life insurers.
But it added: “The increasing frequency and severity of cyber-attacks and difficulty in measuring the risk pose a potentially substantial threat to the insurance industry.”
AM Best highlighted aggregation of cyber risk - where several claims hit at the same time - as a particular concern for insurers. The ratings agency said: “It is AM Best’s opinion that all insurers should be concerned about risk aggregation, given the possibility of single attacks leading to losses across a large number of insureds.
“Such risks are present dangers, and while they have not materialised, it does not mean that they could be avoided.”
The agency quoted the research published in March by the UK government and insurance broker Marsh, which said the total probable maximum loss for cyber risk globally is £20bn.
It added: “While that amount is within the reinsurance capacity for single-event risk of £65bn, it is well above that of £3bn for a nuclear loss.”
AM Best listed three areas where both insurers and their clients could improve their cyber risk profiles.
The first is that insurers can better serve their clients by designing specific cyber risk policies rather than relying on the coverage afforded under traditional commercial general liability, business interruption or directors’ and officers’ liability policies.
The second is that, because of the interconnectedness of cyber risk, the development of single-risk limits “would be a conservative approach”.
Finally, the agency said that establishing contingency reserves for cyber losses “would demonstrate prudent risk management, as well as a conservative approach relative to this emerging risk.”