Modelling accumulation risk scenarios will unlock cyber re/insurance potential - Swiss Re

”Being able to quantify your exposure to a scenario that affects multiple insurers at one time is one of the most critical challenges we have,” according to John Coletti, head of global cyber at Swiss Re.

Speaking at the global reinsurer’s Media Day, he said cyber models had taken significant strides in quantifying the potential for systemic risk in the market, but that this remains a challenge that is hindering potential growth.

Currently the global cyber insurance market is around $10 billion in size, with predictions by Gallagher Re it could grow to $30 billion by 2040.

“Why is the market going to be so big?” asked Coletti. ”Because everything is becoming so digital and interconnected. As technology grows and processes become more connected, it creates more cyber risk.”

Growing the market

For the cyber market to one day rival the property casualty industry, it must first get past the obstacles that lie in its way. This includes a relative lack of historical claims data and a rich and ever-evolving risk landscape.

“You need data to make insurance work and we don’t have years and years of actuarially sound data models.” 

But this is beginning to change.

“It used to be that cyber risk was this obtuse, intangible that no-one understood,” noted Coletti. ”Ransomware was not really on our radar five year ago, but now it’s something we’re talking about.”

The continuing mismatch between demand and supply continues to cause capacity constraints, which is driving pricing upwards. 

“There’s tremendous demand for the product but not enough supply to go around,” said Coletti.

The solution in getting underwriters more comfortable with the risk lies in data and modelling, he thought, with a role for AI and machine learning.

Stress testing the next Black Swan

With up to half of all premiums being ceded to the reinsurance industry, cyber reinsurers such as Swiss Re have access to rich sources of underyling data to be used in scenario analysis and portfolio stress testing.

“We can build out of the types of Black Swan events and ask, what does it mean to your portfolio?” continued Coletti. “Our home grown models can help you understand what the impact is and how much capital to put towards a line of business.”

“It’s about how an insurance company manages the risk. You need to build a predictive element to understand what the single points of failure might be.”

It could be a cloud outage, mass malware or some other cyber event that impacts multiple organisations globally.

“The market will not grow unless we deal with wide area events and we need to put more capital into the market to help it grow,” he added.