Risk modelling firm RMS has released a new cyber risk accumulation management tool and reporting framework as it seeks to encourage insurance, reinsurance and the ILS markets to become more comfortable putting out larger limits to cover cyber risk exposures.
One of the problems with cyber risk, that is holding the insurance and reinsurance market back from devoting more capacity to it, is defining where a risk or exposure ends, or indeed begins and additionally understanding the potential accumulation or aggregation risks.
Cyber risk, as an exposure, is so potentially huge, largely misunderstood and underestimated, but provides a huge opportunity to the insurance, reinsurance and capital markets. Any tools or systems that can help risk capital markets to gain more comfort that they understand the extent, or boundaries, of a cyber risk could result in greater levels of capacity being unlocked for deployment, thus increasing availability of cyber risk insurance cover.
Hemant Shah, CEO and Co-founder of RMS, commented; "Our economy is undergoing a profound digital transformation and cyber-related insurance has the potential to be a fundamental driver of growth for the global re/insurance industry."
So today RMS has launched its Cyber Accumulation Management System, including a new software system and framework for cyber risk exposure reporting. The firm has also released a range of cyber catastrophe scenarios for loss modeling, something else that has been lacking to-date.
The RMS Cyber Accumulation Management System has been designed with the assistance of the re/insurance market, with some of the leading cyber insurers participating, as well as through collaboration with the Cambridge Centre of Risk Studies.
Andrew Coburn, senior vice president at RMS, commented on the launch; "While many insurers see cyber as a growth opportunity they are cautious of scaling their limits and increasing their exposure because, rightly, they're concerned about accumulation - what happens if many of their insureds are impacted in a large-scale 'cyber catastrophe'? To prudently increase capacity for cyber insurance, insurers need to first understand both their cyber accumulation and correlations."
RMS believes that in order to begin to unlock greater amounts of risk capital, be that re/insurance or from the capital markets, there is a need for markets to understand their Probable Maximum Losses (PML). This is a key determinant for setting risk appetite, allowing capacity providers to understand the potential impact and scale of cyber catastrophes and the extent of the risks they assume.
The risk modelling firm explains; "Without an ability to set a PML, insurers are compelled to assume a conservative approach, limiting their capacity and reducing the efficiency of their capital management. To address this, the RMS Cyber Accumulation Management System provides insurers with the framework to organize and structure their data, in addition to five cyber loss models that enables insurers to stress test their portfolios against a range of cyber loss methods."
This ability to stress test, against scenarios and catastrophe events for a line of business, is a given in most parts of the insurance and reinsurance market. But, when a new or emerging risk such as cyber is a developing line, this ability is often lacking, or left to underwriters' own views of risk or exposure.
Having a third-party set of tools to help underwriters better understand cyber insurance, or reinsurance, exposure is a step in the right direction to unlocking the huge amounts of capacity required to cover cyber risks.
"The global insurance industry has always played a crucial role in ensuring the resiliency of our economy, and the launch of the RMS Cyber Accumulation Management System is not only an important first step in furnishing our clients with the models and tools to safely grow capacity for this line of business, it also helps to create a fundamental opportunity for the industry to increase its relevance in a rapidly changing economy," Hemant Shah explained.
Simon Ruffle, director of technology research and innovation at the Cambridge Centre for Risk Studies, added; "Accumulation is very much a function of the cyber insurance coverages provided by firms. In our joint report with RMS, Managing Cyber Insurance Accumulation Risk, we pinpoint a number of new and important concepts for quantifying accumulation risk to help firms reveal the loss potential in a portfolio. Our research has identified the insurance coverage categories that are most susceptible to systemic cyber events, and revealed these categories are not only present in affirmative cyber insurance products but extend to silent exposures in 'all risks' policies covering property and casualty without explicit cyber exclusions."
Gaining a greater understanding of cyber risk exposures is a step in the right direction for the development of a cyber risk ILS market. With the exposures so huge, the involvement of the capital markets is likely needed in cyber re/insurance and ILS investors will likely find cyber catastrophe exposures a compatible asset to allocate capital to.
That's as long as the risks are understood, accumulations can be controlled and boundaries placed around the risks re/insured. Tools to help markets better understand cyber accumulation risk are a great start.
Editor's Note: This article discusses one or more securities that do not trade on a major U.S. exchange. Please be aware of the risks associated with these stocks.