’Cyber is going to become the most capital and expertise-constrained class within the insurance industry,’ says global head of cyber

Cyber cover, or the potential lack of it, is back on the agenda.

Global reinsurance broker Gallagher Re published its The Risk of a Cyber Catastrophe report yesterday (10 October 2023), which concluded that fears over the prospect of a large scale, systemic cyber attack were weighing heavily on the minds of business and insurance sector leaders.

Jon Guy

While the report recognised that cyber insurance was an evolving, rapidly growing market segment, it noted that the market has never had to deal with a catastrophe of this magnitude.

It was exactly this concern that prompted Lloyd’s to look to clarify its exposure to state backed cyber attacks with clarification in the syndicates’ cyber wordings.

Indeed, Lloyd’s chief of markets Patrick Tiernan put it succinctly when he said that Lloyd’s was taking a cautious approach quite simply because it did not have “the muscle memory” to understand how it would be called to react when an industry wide cyber event occurred.

Relative infancy

The fact that cyber modelling remains in its relative infancy, according to the research, does not help.

For a market created to assume the risks of others for a price, the industry is inherently risk adverse – and so are capital providers.

Gallagher Re warned: “Demand for cyber insurance continues to grow and, following triple-digit rate rises in the past three years, insurers can have more confidence they are pricing the risk correctly.

”But, while the supply of capital is increasing in parts of the market, there remains a reluctance from capital providers to offer cost-effective and systemic solutions that solve for carriers’ true fear of the unknown.”

Ian Newman, global head of cyber at Gallagher Re, added: “There are many challenges around the cyber market today and this is only going to intensify as the class grows. Gallagher Re has long held the view that cyber is going to become the most capital and expertise-constrained class within the insurance industry.”

For SMEs, however, the current indecision and reluctance may well be a positive.

As models continue to strive to create greater sophistication, the industry is likely to favour coverage for SMEs, given the far lower likelihood that they will suffer a major claim for a breach – meaning exposures can be better managed.

Larger corporations, which are more likely to be the subject to targeted attacks, may want to insure their exposures to a longer-tail, system-wide event, but the appetite from the insurance sector may take some time to develop.