Become a Member

Free Preview

This is a preview of some of our exclusive, member only content. If you enjoy this article, please consider becoming a member.

Is ILS Missing the Mark on Cyber?

Print Email
December 6, 2022 by Dan Palardy and Anjali Dharma-Wardana

If fortune favors the brave, trepidation in the insurance-linked securities market may be dampening investor profits.

Recent outlier losses in the property-catastrophe market have left ILS investors reeling, and trapped collateral may be clouding the better judgment of those who bear the catastrophe risk. It also has unfairly delayed cyber-ILS adoption, as investors perceive failures within the property ILS market as rationale for missing the opportunity in cyber—worse yet, failing to recognize the caliber of cyber risk as a quantifiable and insurable peril.

Executive Summary

Opinion: Cowbell Cyber’s Dan Palardy and Envelop Risk’s Anjali Dharma-Wardana’s argue that ILS investors are being too timid when it comes to cyber risk. Here, they compare cyber and natural catastrophe risks, suggesting a shift in focus from the interconnected potential for loss in the cyber world to the interconnected potential for loss mitigation and prevention—a potential they believe translates directly to a more insurable type of catastrophe risk.

For years, the cyber peril has been rejected by the capital markets for its perceived unpredictability. The most glaring difference between the risk quantification of cyber vs. natural catastrophes, however, is precisely what makes it easier to predict: Cyber is an anthropogenic peril, while hurricanes are destructive without prejudice. Almost all cyber threats follow known incentives. These threats can be viewed upon a motivation matrix—usually financial, sometimes political and always predictable. Targets of a possible hacktivist group are identifiable; so, too, are the critical infrastructure, government entities and key businesses they target. To that effect, while storm paths do congregate in certain areas, Florida’s political, economic or cultural posturing, though unique, have no influence on the formation of the storm. These sorts of motivations can be navigated and predicted; their levels of randomness pale in comparison to the storms that wreak havoc on the Atlantic coast annually.

But it is not only the motivation aspect that makes cyber catastrophes more predictable. The very infrastructure is finite in nature, created to follow set rules of interaction. For example, a vulnerability that could lead to a catastrophe is only as worrisome as the relative pace at which it can be patched. Not to mention the fact that all the relevant data points already are digitally housed, which translates into lower cost, time and labor to have them completely integrated into any model.

Known vulnerabilities can be scanned and patched in near real time provided that the market is sufficiently resourced and educated. While cybersecurity remains underserved to a large degree, wider adoption of cybersecurity solutions and best practices only further reduces the likelihood of a cyber catastrophe. The online climate can be warped, bent, shaped in real time with a little bit of cybersecurity hygiene, as if you could suck the humidity out of the air as a storm was about to form.

This is also true in the context of the post-event ecosystem. The path of propagation of a cyber event is as dynamic as the formation itself. A cyber catastrophe is likely to be downgraded to a non-cat event if security scans and patches are deployed sufficiently and efficiently. There is no analogous situation in the context of natural catastrophes. Where communities can remain devastated for years following a catastrophe causing a knock-on effect of both economic and insured losses, the cyber ecosystem can be backed up, rebuilt and improved within hours.

From the perspective of the ILS markets, if cyber is compared only to nat cat, the models may always fall short. Relative immaturity, a wider range of estimates across various vendors, not to mention the more hypothetical nature of the Hollywood cyber-catastrophe scenarios will always make it a fundamentally different peril. Moreover, the traditional methods of leveraging historical loss data as the primary predictor of the future will never apply to the same degree in a moldable and ever-changing online ecosystem.

Cyber is a dynamic space with dynamic risks. Yet this dynamism merits a different view of the risk itself; shifting in focus from the interconnected potential for loss to the interconnected potential for loss mitigation and prevention, a potential that translates directly to a more insurable type of catastrophe risk. Simply put, when it comes to the cyber cat risk, the most overlooked characteristic is one not likely to be seen in the sphere of nat-cat risk: speed.

Speed to detect, speed to respond, speed to rebuild.

If the ILS players can embrace the value of this speed, they will, in turn, make meaningful contributions to the overall cyber insurance trajectory.

For now, they are still asking for a bit more patience.

Print Email

Was this article valuable?

Here are more articles you may enjoy.

Growing Progressive Set to Hire 10,000+ in Claims, IT, Other Roles
LexisNexis: Loss Costs Rise for All Home Insurance Perils
Lockton Re: Hypothetical Cyber Event Offers Carriers an Opportunity to Review Risks
Seeking Shelter From Mounting Hailstorms? New Approaches for Underwriters and Claims Execs

Contributors

Dan Palardy, Cowbell

Dan Palardy is Lead Actuary at Cowbell based in New York City.

Anjali Dharma-Wardana, Envelop Risk

Anjali Dharma-Wardana is SVP, Portfolio Manager at Envelop Risk (subject to regulatory approval).

Latest Magazine

Carrier Management magazine

Research & Whitepapers