The challenge is clear: cyber risk presents major loss potential for the (re)insurance industry, but the capability to assess the exposures varies widely. This was the finding of the Bank of England Prudential Regulation Authority (PRA) as it published the results of its 2019 General Insurance Stress Test.
The comparison in loss potential with natural catastrophe scenarios is particularly revealing: loss estimates for cyber were similar to the “Set of 3 US Hurricanes” scenario, and reached significantly higher levels than the “Japanese Earthquake and Tsunami” and “UK Windstorm and Flood” scenarios. It provides hard evidence that cyber exposure has the potential to generate “catastrophe”’ scale losses.
The results also highlight the significance of “non-affirmative” cyber cover in driving losses for several classes of insurance, including Property, E&O/D&O and Crime. The PRA identifies “differences in firms’ perceptions of risks” which suggests that this continues to be a key source of uncertainty. As such, the stress-test provides valuable insight into the market assessment of which lines are most exposed to “non-affirmative” cyber cover.
The focus of the PRA’s concern is the wide variation in the approaches used to assess cyber losses and the apparent lack of sophistication in some methods. Cyber risk is a complex exposure, characterised by continual evolution and “systemic” effects. (Re)insurers need to harness a wide range of data sources and access a diverse set of professional disciplines in order to create a comprehensive view of the risk. At CyberCube, we are committed to partnering with the industry as we tackle the challenges illuminated so clearly in this exercise.
Read the full results here.