Cyber alignment

In the second part of his interview with Emerging Risks, Tom Johansmeyer, head of Property Claim Services (PCS) at Verisk – insurance solutions, talks about the growing cyber threat, the benefits of an ILW solution, and why cyber pools are very much not the answer.

Ransomware attacks have really hit the headlines this year- are you surprised by the scale and frequency of cyber-attacks?

I’m not surprised by the scale and frequency, and I’m certainly not happy about it. With cyber-attacks, ransomware has taken on a kind of business feel to it. You’ve got people who are using extremely sophisticated technology, and they are finding and exploiting vulnerabilities. They are also exploiting vulnerabilities in the supply chain, because in the past you might have needed all of that expertise to sit in one person, but now you have the distribution of that expertise, which distributes capability for an attack. What this means is you can do more of this, you can do it more cheaply, and you can do it more easily. And in doing so, you can do it with greater magnitude. Then you have market forces which have led to increases in the severity of the ransoms being demanded.

To what extent does the cyber insurance market have a handle on its possible exposures over the medium term? Or is it simply too early at this stage to predict what sort of losses are on the horizon?

The bigger issue we have right now in that regard is under-penetration. You have a disproportionate threat relative to both premium and capital base: a tsunami of cyber-attacks coming against a small market. What’s interesting is that the miss rate for insurers goes up. If you imagine five central targets and only one has cyber insurance, and two get hit, there’s a good chance that those hit won’t have insurance. When you see that kind of dynamic, it’s hard to commit more capital.

Additionally, insurers aren’t really carrying enough of the risk in order to fuel market growth. And 50% of the risk is being ceded to reinsurers, which is a number that has gone up over the past few years, so insurers don’t want to hold this risk. Reinsurers are comfortable holding the risk, but they can’t get more capital allocated because the powers that be are looking at this and saying “we’re not comfortable taking on more than this, especially without a more reliable retro market”.

So what state is the retro market? Unfortunately, the four largest reinsurers in cyber represent 60% of affirmative cyber reinsurance premium. So if anyone of them needs retro, they can’t really go to the others, and they can’t really go to the rest of the market. There’s a concentration here, as everyone is roughly on the same stuff, so you need virgin capital coming in. And any reinsurer that is not in the space right now is likely intentionally not in the space. If some retro gets traded its highly broked and bespoke.

Time and again I here on the conference circuit: “let’s get the ILS guys in here”… yes, there is high level ILS interest in cyber, but they certainly know how much is ceded and their first question is why would I take on what nobody wants to hold onto? That’s a damn good question. They need to see something they can take on. Most of the cyber reinsurance out there is quota share, which is tough for the ILS market because you are really participating in the underlying book. You need to really understand the insurer and reinsurers’ underwriting philosophy and claim-handling practices.

Instead, I’ve been pushing the ILW solution because I think it makes a ton of sense: you don’t have to understand the underlying cedants, you can structure it sensibly for a shorter tail, and ILS funds understand index-triggered business. They like that concept. But if you take an ILW to a cyber broker who probably grew up in professional lines, understanding an ILW is not necessarily easy.

The tricky part is lining up the market: getting a buyer and a seller to really sit down and come up with a realistic spread. You also need protection buyers to take a more realistic look at their exposures.

Is cyber risk something that ultimately needs a bigger response than that the (re)insurance market can provide? Do we need a more coordinated public/private sector partnership here?

Yes, but not in the way people are thinking. Everybody seems to be in a rush to have the pools take it over, but I think there is almost no worse idea than that. I think we need to take a real swing at this, and what I find most interesting is the possibility for diplomacy to play a role here. If we see cyber losses growing exponentially and we chuck those losses to government facilities, the tax payer is just bearing the burden in a different way. We’re not solving anyone. What we need to do is to have rules of the road among state actors as to what targets genuinely off limits. We need something maybe not as big as The Geneva Convention for cyber-attacks, but a sense that hospitals and certain types of energy providers need to be left alone.

 

“Insurers aren’t really carrying enough of the risk in order to fuel market growth. And 50% of the risk is being ceded to reinsurers, which is a number that has gone up over the past few years, so insurers don’t want to hold this risk. Reinsurers are comfortable holding the risk, but they can’t get more capital allocated because the powers that be are looking at this and saying “we’re not comfortable taking on more than this, especially without a more reliable retro market”.

Follow us on twitter: @risksEmerging

Owned Weak RSA from Hack The Box! #Cybersecurity #security via http://twinybots.ch https://www.hackthebox.com/achievement/challenge/755056/6

These people get it. Allowing global capital to replace one destructive industry with another is not a realistic way forward. We need an alternative to the growth imperative. https://www.theguardian.com/world/2021/dec/05/rio-tinto-lithium-mine-thousands-of-protesters-block-roads-across-serbia

Witness the Power of Graphs - USC Viterbi | School of Engineering
2021-12-03T18:15:15Z

@JimHarris @JolaBurnett

#CNNs #Matplotlib #5G #NLP #SciketLearn #AutonomousVehicles #ArtificialIntelligence #LinearAlgebra #MLOps #DataScience #CyberSecurity

http://news.google.com/./articles/CBMiR2h0dHBzOi8vdml0ZXJiaXNjaG9vbC51c2MuZWR1L25ld3MvMjAyMS8xMi93aXRuZXNzLXRoZS1wb3dlci1vZi1ncmFwaHMv0gEA?hl=en-US&gl=US&ceid=US%3Aen

Connecticut Democratic Sen. Chris Murphy said he continues to work with his Republican and Democratic colleagues to pass gun safety legislation, especially after the deadly school shooting last week in Michigan. https://cnn.it/3GjVftw

#tech #technology #AR #vR #AugmentedReality #AI #Algorithm #innovation #reinvent #cloud #IoT #5g #data #DataScience #BigData #CyberSecurity #automation #CloudComputing #Algorithm #StaySafe #wfh #ArtificialIntelligence A definite game changer !! 👇 Thanks @Ronald_vanLoon https://twitter.com/ronald_vanloon/status/1466766734233321474

Ronald van Loon at @AWScloud #reInvent@Ronald_vanLoon

#AugmentedReality windshields could soon be hitting the roads
by @usatodaytech

#AI #ArtificialIntelligence #VR #AR #VirtualReality #MixedReality #MR

Cc: @rethinkrobotics @davidsmith4324 @maxjcm @ronald_vanloon @xbrlstandard

"The GDPR brought in the concept of Security by design."- Pooja Bansal, @Fareportal Speaking live at #PublicPolicyForum on Security & Data Protection

77th #SKOCHSummit #Caii #SKOCHParivar #CyberSecurity

@SkochSameer @oscilatting @DhanjalDr @abmindia

Buy Google Voice Accounts
Google Voice Number Best Contact Site. Connect anywhere with Google Voice account.
Contact: https://cutt.ly/AYs1a4R
#GVoiceNumber #MachineLearning #DataScience #Python #AI #100DaysOfCode #IoT #flutter #CyberSecurity #tech #DDoS #data #RPA #IIoT #5G

Load More...
SHARE: