Shortage of cyber cover is leaving economies vulnerable: Swiss Re
Re/insurer says large pools of industry data will be needed to accurately model cyber risk in a way that will allow insurers to write more business and investors to provide more capacity
Global re/insurer calls on the industry to standardise how claims data is recorded and shared to create better models
Swiss Re has called on insurers and reinsurers to do more to grow the cyber insurance market, warning underinsurance could leave economies more vulnerable to cyber events.
The reinsurance giant said the industry needs to standardise the way it shares and models claims data to better understand the risk of cyber events.
More work also needs to be done to address issues of aggregation risk through policy standardisation, Swiss Re said, as it urged re/insurers to identify new sources of capital to expand capacity.
Swiss Re estimated that premiums would more than double from $10bn in 2021 to $23bn by 2025, an annual growth rate of 20%. But, even with this growth the re/insurer said the cyber market would remain small relative to the risk. In 2022 just 17% of digital assets were insured, compared to 58% of tangible assets.
And given estimates of annual global cyber losses at around $945bn, roughly 90% of the risk remains uninsured, the Geneva Association has suggested.
Failure to increase the size of the cyber market could leave society more vulnerable and less resilient to cyber attacks, which could have devastating and potentially systemic impacts, the re/insurer warned.
“The cyber insurance market has tremendous growth potential,” John Coletti, head of cyber reinsurance at Swiss Re, said. “However, the market needs to mature further to ensure enough insurance protection is available.”
He continued: “Our industry has a key role to play by addressing three issues: improving data and modelling, increasing contract consistency and clarity and identifying new sources of capital.”
Swiss Re said steps were already being taken to collect cyber claims data, but large pools of industry data would be needed to accurately model the risk in a way that would allow insurers to write more business and investors to provide more capacity.
It also acknowledged steps have already been taken to address the aggregation risk, including the development of standard definitions for the exclusions of cyber war and the attribution of cyber attacks, but added a co-ordinated approach was still “aspirational”.
Addressing the capacity issue, Swiss Re suggested the use of public-private partnerships that split the risk between private insurers and governments as a solution to help close the protection gap.