Q: Reinsuring Cyber Risk. Describe the cyber risk appetite of the reinsurance industry and how it has changed in the past year. Describe your company’s appetite and how you price the risks, structure programs, manage accumulations in an area where there is not extensive historical data to assist with these activities.

Bill Donnell, Swiss Re

Bill Donnell, President of U.S. Property/Casualty, Swiss Re

Cyber is an important part of our portfolio. We’ve been writing cyber business for around 10 years now, and we’ve deployed significant capacity in this area. We’re actively researching and working toward solving open questions. We’re investing significantly to continue improving our risk understanding and internal capabilities and favor working with clients with sound cyber risk underwriting, including good risk assessment, risk engineering and underwriting capabilities.

We believe that the accumulation potential of cyber risks is not to be taken lightly and believe in stringent portfolio management to limit the exposure to catastrophic events. We actively manage our exposure and support selected clients with cyber-specific risk capacity.

(Editor’s Note: Donnell is set to leave Swiss Re on Dec. 7 to become president and CEO of the National Council on Compensation Insurance.)

Mike Sapnar 1-DSC_6534 (1)

Michael Sapnar, CEO, TransRe

Our cyber appetite is evolving. The risks out there currently in the market are such that we could put an aggregate limit out and know that we’re not overexposed. But as the product becomes more popular, people are going to have to be more sophisticated about it.

The issue with cyber is it’s very hard to define a specific “territory.” Any event could affect the globe, so you have to aggregate across all territories, which is difficult.

A lot of it might be contained in professional liability treaties, some of which have loss ratio caps, so you have some protection from that standpoint. Then you have to really partner with the insurance company and the underwriter to figure out how you’re going to limit your exposures by industry, and software versus hardware exposures, attachment points, limits such that if there is a systemic problem everything’s not hit, that you have a manageable number.

That gets down to the original underwriting. There are insurance companies that are running screaming from the exposure, and there are companies that are running toward the exposure to figure it out.

It is absolutely imperative that the insurance industry (along with its reinsurance industry partners) figures out a way to provide risk transfer protection, risk mitigation, loss control and insight on this. We have for too long looked to exclude opportunities to grow the importance and the value of our products…You’re not going to exclude yourself to relevance. You’ve got to figure it out. [And] I think it’s happening—there are a lot of collaborations between insurers and reinsurers to figure it out.

We’ve done some strategic partnerships with a couple of insurers that we think are ahead of the curve on underwriting, want to build significant capacity and expertise, and take a lead position.

We have created a cyber unit, led by one of our professional liability underwriters. That new team has full responsibility and underwriting authority for cyber-specific treaties. In addition, the team is a support resource for our underwriters worldwide as they work on business that has some exposure to cyber but which is not specifically a cyber product.


Tad Montross, Chair and CEO, General Re Corp.

The cyber threat increases daily. The insurance industry’s challenge is to offer cutting-edge risk assessment and risk management expertise along with risk transfer solutions that do not create disincentives for firms to continually invest in better security measures.

Mike Krefta 01-12-1

Mike Krefta, Chief Underwriting Officer, Hiscox Re

The appetite is increasing substantially, and we’re a strong market for this type of underserved and emerging class. It’s important though that cyber is not just seen as an add-on to existing property wordings; it is and should be treated as a sustainable class in its own right. To be sustainable, you need to define the risk, price the risk, aggregate it and then report on it.

A challenge, of course, is the lack of historical data, but then that’s always been a Lloyd’s strength in classes like this. Disciplined underwriting is key—writing to a manageable amount of total aggregate and making sure we effectively manage the downside.

Topics Cyber Underwriting Reinsurance