Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Data scarce for insurers covering cyber risks

Reprints
Data scarce for insurers covering cyber risks

U.S. insurers are cautiously underwriting cyber coverage as they seek to understand the true nature of the underlying risk, according to a report by Standard & Poor's Corp.

“Looking Before They Leap: U.S. Insurers Dip Their Toes In The Cyber-Risk Pool,” published Tuesday, said that while there are about 50 insurers that are writing some cyber coverage, the market is dominated by five underwriters: Ace Ltd., American International Group Inc., Beazley P.L.C., Chubb Corp. and Zurich Insurance Group Ltd.

“Although this market is immature at the moment, there is still value to be found if insurers properly underwrite risk,” the report said.

Cyber coverage represents a huge area of opportunity for underwriters, with some analysts predicting that the size of the cyber insurance market will grow to $10 billion in the next five to 10 years, the report said.

Currently, cyber coverage predominantly is written on a claims-made basis and primarily covers third-party liability in the United States, according to the report.

About 90% of the premium volume for cyber — estimated by Lloyd's of London to be $2.5 billion in 2014 — covers U.S. risks, according to the report.

S&P said that cyber risk presents a “unique challenge” for underwriters because neither frequency nor severity is predictable.

“Reliable actuarial data are also not available,” the report said.

Metrics for cyber risk also are in the early stages of development, and probabilistic models pose high levels of uncertainty, “mostly because of the unpredictable human behaviors associated with cyber attacks,” the report said.

“Therefore, we are cautious of any insurer that places too much emphasis on modeling cyber risk for pricing or exposure-management purposes,” the report said.

Other challenges for underwriters include limited and insufficient disclosures about cyber attacks, the report said.

Stand-alone cyber policies likely will place more emphasis on risk-mitigation consulting and services than on indemnity protection in coming years, S&P said.

Over the next few years demand for coverage likely will outpace supply in the short term because, in part, of insurers' caution about underwriting cyber, the report said.

Read Next