Cyber Risk in Reinsurance

The global business environment has turned increasingly digital in the pasts few years. It is very common for businesses across the world to conduct most of their business online. This includes transacting with customers, employees, suppliers, and even the government. It is for this reason that the role of computers has drastically increased within the business environment. However, this rapid adaptation of cyber techniques, which was accelerated by the coronavirus pandemic also carries several risks.

In this article, we will have a closer look at some of the cyber risks and how they affect the reinsurance business.

What is Cyber Risk?

Before we begin discussing further, it is very important for us to clearly quantify what is meant by cyber risk. This is because of the fact that computers have proliferated in our lives. As a result, they impact businesses in multiple ways.

It is important to have a clear idea about the type of business disruptions that could be caused in order to understand the quantum of cyber risks. Some of the prominent examples of cyber risks have been mentioned below:

• Privacy Liability: It is important to understand that since businesses all over the world are operating online, they have access to a lot of data belonging to other parties.

  It is common for companies to store personal and financial data related to their customers, suppliers, and other such entities as part of their regular day-to-day operations. This makes these companies vulnerable to financial liabilities in case this data gets stolen from their servers.

  In the past few years, mega-corporations such as Facebook and Marriott have found themselves liable for financial losses because of the loss of data from their servers.

• Business Interruption: It is also important to realize that businesses have become extremely dependent upon technology for the functioning of their day-to-day business. For instance, most airlines across the world, run their entire operations based on technology.

  The flight schedules of all the airplanes as well as the customer data are stored on computers. In such cases, technology disruption can cause business operations to come to a grinding halt. There have been instances in the past where cyber failures have created situations leading to the grounding of airplanes which has led to financial losses.

• Extortion: The recent past has seen some innovative trends with regard to cyber extortion. There have been cases where famous ransomware such as “WannaCry” have been created. The end result is that hackers do not have access to the underlying data but they block the access of the corporation to the same data. Hence, unless companies pay up the ransom, they are unable to access critical data. The losses from ransomware are estimated to be in the range of $10 billion per annum!

• Data Restoration: A lot of the time, due to operational errors, companies end up losing data that is important to them. It may be possible to restore this data by copying it from a backup or a test system. However, this can be expensive and requires a lot of time and resources. This could prove to be a significant financial loss for the firm.

Why is Cyber Risk Difficult to Quantify?

Insurance and reinsurance can only protect companies from losses once the accurate amount of money at risk is determined. However, in the case of cyber risks, it is difficult to come up with an accurate estimation of the risk involved. This is because generally insurance and reinsurance companies turn to empirical data for risk modeling.

If a larger set of past data is used, then the research is considered to be more thorough. However, in case of cyber risks, such data is not available. Hence, it is not possible to predict cyber risk using traditional means.

Reinsurance companies have developed their own new methodologies to help them ascertain cyber risks. However, a lot of these methodologies remain untested because they have only been around for a short period of time.

Why Reinsurance is Important in Cyber Risk Management?

Ceding insurance companies cover cyber risks in various forms. An elementary level of risk is covered within the regular contracts. At the same time, a separate cyber risk contract needs to be created in order to cover the more detailed risks.

It is important to note that ceding insurance companies are less sure about the probable losses that may arise because of this risk. As a result, most of this risk gets passed on to reinsurance companies.

Studies conducted by industry bodies have shown that almost 40% of the premiums collected to mitigate cyber risks are passed on to the reinsurance company. This is in stark contrast with about 10% of the insurance premium that ceding insurers pass on to reinsurance companies in the case of other lines of business. This effectively translates into the fact that cyber reinsurance is likely to be the growth engine of reinsurance companies in the future. Hence, the cyber risk management business is very important to reinsurance companies across the globe.

The fact of the matter is that cyber reinsurance is both a risky as well as a profitable venture. The ability to profitably provide cyber reinsurance coverage will be the differentiating factor in the future.