In a digitally-connected world, cyber risks are growing in frequency and impact. Swiss Re cyber experts Maya Bundt and Eric Durand drill down on what needs to be done to protect insurers against the impending risk

Q: How are the latest developments in cyber risk perils threatening insurers?

Swiss Re: “One of the things we have a keen eye on as a reinsurer is the widening of terms and conditions in cyber policies. That might expose insurers, and in turn reinsurers, to risks that are not fully understood or priced.

“There are always new and different coverage areas being drawn into cyber policies. We have to be very clear what is included, or not included, not only for ourselves but also for our clients and the original insured. We also have to be able to calculate and understand the risk associated with these new coverages.

“Developments in the Internet of Things (IoT), smart homes, smart cities, anything that increases interconnectedness is clearly something that the insurers need to keep a sharp eye on so they can react to them.”

Should insurers fear one big cyber loss? Or an aggregation of events?

Answer: “There will be a very large loss cyber event at some point. For instance the WannaCry ransomware attack could have become a very large event if the authors hadn’t, strangely enough, put a kill switch in the malware.

“There will be a major event coming, but it won’t be one incident even if it is very large. The one big cyber loss will be an aggregation of losses, not just one risk that is hit. We have seen some quite big cyber losses in the last year that were attached to property policies.

“However, (re)insurers are built for the aggregation of risks, whether in one event or several events. That’s what we need to look at, model and understand in order for insurers to set their risk appetite in the right way and put enough capacity behind it.”

What solutions can reinsurers provide to help mitigate these risks?

Answer: “The sharing of cyber risks is vital. There should be some skin in the game for all four players that must share that interest. The insured itself, through proper deductibles and or self-insured retentions and cost for the protection. The insurer, the reinsurer and for very large events you also have the state playing a role.

“It is important that reinsurers help insurance clients to understand the risk as well as the accumulation of those risks better. This can be achieved through support, knowledge exchange or via a second opinion on their aggregation risk modelling. We can also help them to understand where there are difficult points in their wordings.”

What can be achieved by collaborating with the right reinsurance partner?

Answer: “Reinsurers have a very international view through their insurance networks. Many insurers are local while the regionals and nationals generally just get a view of their own country. The role of reinsurers in sharing what they have seen elsewhere can strongly help players in different countries.

“The international view is very important as we can help different countries build up their cyber strategies. It has happened in Switzerland where we were strongly involved through the Swiss Insurance Association in helping shaping it to make sure no players were forgotten.

“Often in these cyber strategies they are too focussed on critical infrastructure, it is probably the most important and immediate aspect, but in the long term you shouldn’t forget small and medium enterprises (SME). They are the backbone of a country’s economy and the reinsurance also has a role there to make sure they are considered.

“There’s clearly a role there helping with information, helping with services. It is also true for academia, we can try and help academics focus on the right research elements and initiatives, which can have a major impact.”

Maya Bundt is the head of cyber & digital solutions and Eric Durand is head of cyber center of competence, Swiss Re