“Cyber attacks are now seen as one of the most serious economic and national security challenges now facing governments around the world,” the report states.

Cyber risks present a set of aggregations that spread beyond the corporations to its affiliates and supply chains. Some of the cyber risks that entities face include: legal liability, computer security breaches, privacy breaches, cyber theft, cyber espionage and cyber spying, cyber extortion, cyber terrorism, loss of revenue, recovery of costs, reputational damage, business continuity/supply chain disruptions and cyber threat to infrastructure.

High-profile data breaches, such the incident at Target Corp., are growing more commonplace with increasing costs. Since the data breach, Target has incurred $88 million in cumulative expenses, with expected insurance recoveries of $52 million, according to its 10-Q filing for the quarter ending May 3, 2014. The retailer says that it maintains $100 million of network-security insurance coverage with a $10 million deductible.

“Cyber” is a misleading term to describe the type of coverage offered for this market, the report states. Comprehensive policies include data privacy; regulation breaches, fines and penalties; network business interruption, first party loss: data damage and cyber extortion; and crisis management and identity theft response.

Companies are uncertain of how much coverage to acquire and whether their current policies provide them with protection, the report states. “One of the roots of the uncertainty stems from the difficulty in quantifying potential losses because of the dearth of historical data for actuaries and underwriters to model cyber-related losses.”

The reinsurer market is vast, Guy Carpenter predicts, as cyber crime costs the global economy about $445 billion every year.

Crystalizing risks

Crystalizing risks are those that are not new, but whose implications are emerging. This includes asbestos in the developing world and aluminum health risks.

Long-term care for bodily injury is becoming increasingly challenging for insurers, Guy Carpenter says. “Uncertainties that had previously been transferred to the claimant are now retained by the insurer in many regions.”

For severe bodily injury cases in the United Kingdom, claimants are now highly likely to opt for an annuity/periodic payment order (PPO) rather than a lump sum.

Unlike an individual claimant, the insurer needs to articulate these risks in its capital modeling.

Aggravating risks

In the final category of emerging risks – aggravating risks – are those perils that are relatively well-known but their incidence and impact are becoming potentially more serious. These include climate change, pandemics, megacities and antibiotic resistance.

Given the growing population, regional conflicts, the expansive reach of social media for extremists to spread their messages and recruit, as well as the diversity of possible attack modes to cause human and economic loss, Guy Carpenter cites terrorism as an aggravating risk.

Congress' failure to reauthorize the Terrorism Risk Insurance Act—schedule to expire Dec. 31—only adds to the risk uncertainty.

“Without a successful renewal, it is expected that insurance capacity for terrorism coverage will diminish and insurers and consumers may face substantial price increases, threatening the U.S. economy,” the report states.

Casualty (liability-based) catastrophes have become increasingly frequent and severe over the past decade, exposing reinsurers to more risk than they may have realized and reserved for.

“One root cause has the potential to trigger a chain reaction of liability…that can involve multiple lines of business,” the report states.

Casualty catastrophes do not follow patterns, unlike property catastrophes. A hurricane on the Florida coast is not unusual, but casualty catastrophes rarely arise from the same conditions.

Casualty writers need to be proactive in regard to unknowns, and the maturation of enterprise risk management practices and the development of new niche, open platform and casualty-specific catastrophe models signal a change. It is becoming possible to model the accumulation of an increasing number of casualty risks, whether technological, crystalizing or aggravating, both knowable and manageable, the report states.