Hidden cyber risk in the U.S. property insurance market could trigger $12.5 billion in losses, according to a new industry report.

What’s more, this 1-in-100-year loss could harm AM Best’s Capital Adequacy Ratio for 18 U.S. property carriers, the CyberCube/AM Best/Aon study found.

Hidden cyber risk (which can include silent cyber – risks policies neither expressly include or exclude) could create longer-term financial damage for carriers by harming the Best Capital Adequacy Ratio, or BCAR. A company’s financial strength rating is based in part on reinsurance, diversification and liquidity. But as the study authors note, a big drop in the BCAR can cause a drop in an insurer’s financial strength rating.

“While losses of $12.5 billion are relatively low when placed in the context of natural catastrophes, considering these exposures are often unpriced or unaccounted for in enterprise risk management, the impact on carriers can be significant and more importantly, unexpected,” Sridhar Manyem, AM Best’s director, Industry Research, said in prepared remarks.

Rebecca Cole, CyberCube’s head of Industry Engagement, said the loss figure points to a troubling trend already in play.

“CyberCube’s modeled loss figure of $12.5 billion suggests that the U.S. property market is exposed to $9.5 billion of attritional losses and $3 billion of catastrophic losses in the return period,” Cole noted in prepared remarks. “It is apparent that the property market is already paying attritional losses for non-affirmative cyber coverage.”

Jon Laux, Aon’s head of Cyber Analytics, added that the results point to losses in cyber that remain poorly priced.

“As this research shows, quantification of the aggregation potential from cyber-related losses in property policies is very real,” Laux said in prepared remarks. “With property insurers affirming elements of cyber cover in their policies, insurers are exposed to significant losses, which are not necessarily priced accordingly.”

Better information, Laux said, will help industry participants “make better decisions about placing cyber risk.”

To conduct the study, cyber risks analytics InsurTech CyberCube created a sample a sample portfolio based on the U.S. business property industry and subjected it to modeled cyber loss scenarios, quantifying non-physical damage losses. AM Best then used the results of this analysis to assess the impact on the balance sheets of 579 U.S. property insurers. Aon’s role involved quantifying the risks and exposures written back into property policies and highlighting some best practices for managing the risks.

What the analysis found: 12 of the property insurers analyzed fell one level in the Best Capital Adequacy Ratio, and four dropped two levels. One insurer fell three levels, and another fell four.

Cyber Clarity Is Key

The report argues that while the 1-in-100-year loss estimate of $12.5 billion is a manageable cyber risk cost in the property market as a whole, problems are coming. The study authors expect the large growth in cyber losses anticipated in the next few years to challenge the industry’s ability to manage the “quickly increasing” loss estimate costs.

At the same time, explicit underwriting and “clarity of cover” can help address this, according to the study.

Suggestions include focusing on portfolio management when offering cyber coverage under property policies and also conducting “thorough underwriting” of any cyber exposures.

“Thorough underwriting of cyber exposures will also help to clarify for insurance buyers what cyber cover they have in their property policies and how it might respond,” the report concludes. “Offering cyber coverage through package policies, or write-backs in property policies, may provide adequate cover for small businesses. Carriers should be explicit in what coverage is granted and how the property policy might respond.”

Other ways to improve the situation include favorable risk management techniques such as modeling an insurer’s own individual portfolios with customized stress scenarios to identify cyber risks exposures. Insurers can also work with their reinsurance broker to manage their accumulation risk, the report concludes. As well, the report recommends carriers prepare for more action on silent cyber from both regulators and ratings agencies as they push for better practices in the cyber realm.

The full report is “Spotlight on Cyber: A study of aggregation risk in the U.S. property insurance market.”

Source: CyberCube, AM Best, Aon