Insurance Day is part of Maritime Intelligence

This site is operated by a business or businesses owned by Maritime Insights & Intelligence Limited, registered in England and Wales with company number 13831625 and address c/o Hackwood Secretaries Limited, One Silk Street, London EC2Y 8HQ, United Kingdom. Lloyd’s List Intelligence is a trading name of Maritime Insights & Intelligence Limited. Lloyd’s is the registered trademark of the Society Incorporated by the Lloyd’s Act 1871 by the name of Lloyd’s.

This copy is for your personal, non-commercial use. For high-quality copies or electronic reprints for distribution to colleagues or customers, please call UK support +44 (0)20 3377 3996 / APAC support at +65 6508 2430

Printed By

UsernamePublicRestriction

Granular data on cyber risk crucial to increasing capacity: Swiss Re

While insureds hold significant amounts of data on their exposure to accumulative events, most of it is unstructured and the market needed to develop ways of collecting and modelling that information

Better data on individual insureds’ exposures to large cyber events would encourage more capacity into the market

Better data on companies' exposure to large cyber attacks could help increase capacity in the cyber insurance market, according to a senior underwriter at Swiss Re.

Alex Podmore, senior cyber underwriter at the re/insurer, said the insurance industry needed to improve the way it collects and structures data on individual businesses. While many companies hold data on their potential exposure to accumulative events, most of that data is unstructured, he said. 

Cyber insurance promises to be one of the fastest-growing markets. Swiss Re estimates premiums will more than double from $10bn in 2021 to $23bn by 2025, an annual growth rate of 20%.

However, the market has been stifled by a lack of capacity, driven by concerns about large accumulative events including a major malware attack or an outage at one of the large cloud computing service providers many businesses rely on.

While Podmore said exclusions for war, state-backed attacks and attacks on critical infrastructure were likely to become a permanent feature of the cyber market, better data on exposure to other accumulative risks could encourage more capital into the market.

Most of the data used to evaluate accumulative risk at the moment is “firmographic”, he said, meaning the underwriter makes assumptions of an insured’s exposure based on its geographic location, the industry it is in and size.

For example, knowing the industry a company operates in can give “a bit more of an understanding what sort of software it’ll be using, what sort of dependencies it will have depending on specific common software within that type of industry”, Podmore explained. But a lot of that work at present is done at a macro level and is assumptions-based. Insureds do have more detailed information of their own exposures, but that data is often unstructured and can only be gathered through questionnaire, he added.  

“What we hope the market will begin to transition to do – and something we’re working towards – is trying to get what is generally unstructured information around the technographic profile of the insured and build it into a structured template so, if there is a systemic type of events, we have a better understanding of exactly how an insured’s business will be impacted from a revenue generation perspective,” Podmore said.

This is important because a lot of the concerns about accumulation risk revolve around exposure to business interruption claims. “The more we can understand that type of information, the more capital we can get into the market in the longer term because you get a better understanding of how diversified one risk might be in one portfolio versus another,” Podmore said.

Giving the example of a multi-day outage of a large cloud provider– for example, Amazon Web Services or Microsoft Cloud – Podmore said any two companies would be affected differently. If an insurer knows such an event will not have a huge impact on an insured’s ability to generate revenue or profit, the business interruption component could be lower than feared.

“We might say we can’t pull a risk into the portfolio because there’s too much accumulation potential [from a cloud outage]. But if we understand their reliance on generating revenue from a lot of those cloud services is slim, we can factor that into the equation and have a true understanding of where these risks diversify from one another,” he said.

Related Content

Topics

UsernamePublicRestriction

Register

ID1142666

Ask The Analyst

Ask The Analyst - Ask Your Question Send your question to our team of expert analysts. You can: • Ask for background information on/explanation of articles in Insurance Day * • Find out more about our views on industry developments • Ask for an interpretation of market trends • Source supplementary data relating to articles • Request explanations to further your understanding of current issues (* This relates to any Insurance Day that is included as part of your subscription) We will do the research and get back to you personally with the information you need.

Your question has been successfully sent to the email address below and we will get back as soon as possible. my@email.address.

All fields are required.

Please make sure all fields are completed.

Please make sure you have filled out all fields

Please make sure you have filled out all fields

Please enter a valid e-mail address

Please enter a valid Phone Number

Ask your question to our analysts

Cancel