Reinsurers must anticipate new risks in the digital age
It's been a challenging few years for the reinsurance industry. But as they say, sometimes it's darkest before the dawn.
In recent years, the reinsurance industry has faced substantial headwinds — both figuratively and literally. With catastrophic hurricanes and the California wildfires, many major reinsurers felt serious financial strain in 2017. Not only that: Leaders worldwide are concerned about how the entire industry operates and the sustainability of the reinsurance industry in the decades ahead.
With a new pressure on margins and emerging digital transformation, an EY report says some reinsurers might find themselves struggling to survive. On the state of the property catastrophe market the CEO of leading global reinsurer Swiss RE, Christian Mumenthaler, said the industry needs to, ‘get used to a world where margins are much lower.’ In short, the current outlook doesn’t seem particularly positive.
But this short-term strain may actually be hiding a far more prosperous future for reinsurers. With digital transformation, the nature of risk for the global economy has transformed.
What follows are three reasons why the reinsurance industry could very well be on the brink of revival.
No. 3: There’s been a shift from physical to non-physical assets.
Back in 1975, Standard & Poor 500 companies held a large amount of physical assets and infrastructure. In fact, upwards of 80% of their market capitalization was derived from things like machinery and factories. However in 2015, 87% of this market cap is actually linked to data, IP and other intangible assets.
It’s evident a huge shift has emerged; non-physical assets simply hold more importance these days.
So what happens when they’re put at risk/? Companies can lose billions of dollars. Cyberattacks have skyrocketed in recent years. In the first half of 2017, 918 data breaches occurred globally to compromise almost 2 billion data records, a 164% increase over 2016. In addition, business interruption claims in the hundreds of millions of dollars hit from malware that cased simultaneous damage to hundreds of thousands of machines globally. Accordingly, a report from Allianz illustrates risk managers considered cyber incidents as their second-biggest concern in 2017, just after business interruption.
Their level of concern is warranted. Research supported by CyberCube, the Hewlett Foundation, and conducted by RAND, shows that cyber crime could cost the global economy $275 billion at the lowest estimate. As more new technologies come to market, this number could increase to a multi-trillion dollar figure.
The Internet of Things (IoT) in particular poses a significant threat. By 2020, we’ll see an estimated 200 billion IoT devices on the market globally. And by 2025, the IoT could provide a positive economic impact of about $4 to $11 trillion USD. But while the IoT sector provides a great opportunity for companies, it also presents a substantial risk. If organizations don’t mitigate cyber attacks, malicious hackers could manipulate smart devices to eavesdrop on users, get access to their Internet networks, or carry out botnet attacks to send spam and steal data.
Additionally, the difference with cyberattacks is that they don’t necessarily cause one-off damages. The research conducted by CyberCube suggests that there won’t be as many losses impacting individuals firms, but more large-scale attacks affecting multiple global companies. Think of it like this: instead of one factory being hit by a flood, 100+ of them will be destroyed by a hurricane.
No. 2: Cyber risk has serious implications for reinsurers.
Cyber insurance coverage is estimated to grow in the coming years to over $3 billion in premiums. Some even predict sales in the U.S. could hit $20 billion by 2025. When you layer on the silent cyber coverages and the fact that digital risk will impact all aspects of the global economy, over time it is hard to imagine a line of insurance not being impacted by cyber risk. These emerging cyber risks are manifold, and sophisticated reinsurers will stand to make the most gains from this shift.
Reinsuring a company’s intangible assets and the business interruption from digital outages isn’t like reinsuring a manufacturing facility — rather it requires a huge amount of expertise to correctly monitor and understand the risks at stake. Modelling cyber risks effectively would also mean reinsurers would need to develop a very focused level of expertise, essentially becoming an expert on a few types of attacks, as opposed to cyber-attacks as a whole.
All in all, it’s imperative for reinsurers to educate themselves on cyber insurance scenarios before cyberattacks take place. So when the market spikes, they’ll be ready to take on the challenge.
No. 1: Reinsurers can capitalize on the opportunities presented by the digital economy.
Cyber risk presents a new opportunity for reinsurers to expand their scope — and relevance — in the new digital economy. However, doing so requires action. Here are some tips:
- Get started. Participate in the affirmative standalone cyber insurance market. Even if it only covers a portion of cyber, it is a useful way to learn about this important new risk.
- Get your team on board. Identify a group of individuals within your organization that are passionate about the emergence of digital risk. Provide them with specialized training in cyber security, even if that requires sponsoring further education.
- Make some hires. Hire cyber security talent into your organization that is interested — and capable of — applying their knowledge to insurance.
- Leverage new tools. Invest in the third-party vendor tools that are being developed to help insurers quantify aggregation. These include tools such as cyber underwriting software or cyber catastrophe aggregation models.
- Make partnerships. Develop relationships with technology companies and academic institutions which augment your own in house capabilities.
Just remember not to make these mistakes:
- Don’t make assumptions. Cyber aggregation risk aren’t always limited to standalone affirmative cyber insurance policies (there is significant cyber exposure today as an insurer or reinsurer).
- Don’t wait. Invest in your capabilities before a digital aggregation event impacts your balance sheet.
- Don’t only reply on third party models. You need to use a model that’s transparent, and gives you the ability have your own view of risk.
- Don’t look backward. It’s important to not model cyber aggregation events based on historical events alone. Rather, more forward-looking models are needed, including those using threat intelligence.
- Don’t rely on cedents issuing more exclusions to manage cyber aggregation risk. A P&C insurance market that doesn’t insure activities using an internet connection does not have a sustainable business model for 21st Century risk.
It’s been a challenging few years for the reinsurance industry but as they say, sometimes it is darkest before the dawn. Rather, individual reinsurance companies need to invest in understanding how risk is changing in the 21st Century to realize the business opportunities that come from having superior insight in this space. Reinsurers and providers of reinsurance capital that are able to do so effectively, will be the ones that prosper in this new digital age.
Pascal Millaire is CEO of CyberCube. a leader in cyber risk analytics for the insurance industry. To reach this contributor, send email to pascalm@cybcube.com.
See also:
3 reinsurance negotiation strategies for insurance carriers
Reinsurers turn sexy as suitors see disaster-scarred targets