articles Ratings /ratings/en/research/articles/220824-cyber-risk-in-a-new-era-the-future-for-insurance-linked-securities-in-the-cyber-market-looks-uncertain-12471272 content esgSubNav
In This List
COMMENTS

Cyber Risk In A New Era: The Future For Insurance-Linked Securities In The Cyber Market Looks Uncertain

European Insurance Outlook 2025 Video

COMMENTS

Highlights From The European Insurance Conference 2024

COMMENTS

Cyber Insurance Market Outlook 2025: Cycle Management Will Be Key To Sustaining Profits

NEWS

Report Says A Prolonged Financial Market Downturn Would Erode Insurers' Surplus Capital Across EMEA


Cyber Risk In A New Era: The Future For Insurance-Linked Securities In The Cyber Market Looks Uncertain

Worth almost $100 billion, the ILS market is an important source of capacity for (re)insurance and retrocession, mainly within the natural catastrophe space. According to Aon PLC, investors in ILS provided around $97 billion in capital at the end of the first quarter of 2022, slightly up from $96 billion at year-end 2021. This amount represents about 15% of the capital provided to the global reinsurance industry in total, and has remained relatively steady since 2018. In contrast, over the same period, capital from traditional sources has increased by 12% (see chart 1).

Chart 1

image

ILS capital is invested in the insurance industry in various ways, for example, catastrophe bonds; sidecars, that is, structures that allow for private investments in insurance risks; collateralized reinsurance; or industry loss warranties (ILWs), reinsurance contracts that take effect when industry losses reach a certain level. The main purpose of ILS capital is to assume (underwrite) risk where there are high concentrations of exposure to ensure that, in the event of a major loss, the risk is not only shared among global reinsurance companies and their debt and equity investors, but also among investors in the broader capital markets. This allows reinsurers to protect their earnings and capital from natural catastrophe events, and investors to make their portfolios more diversified by investing in assets that have a low correlation with other financial markets. Historically, as long as the pricing was attractive, ILS capital has filled the gaps where traditional capital had either retrenched or was unavailable.

This is where the cyber insurance market now presents an opportunity. The demand for protection from cyber risk is increasing, but the capacity offered by the (re)insurance sector is not growing at the same pace, leading to significant policy rate rises and a protection gap. This could provide an opening for ILS investors to gain exposure to cyber risks, in the same way they did with natural catastrophe risks in the nineties following Hurricane Andrew in 1992. However, so far, ILS investors have not shown much interest, and in S&P Global Ratings' view, the cyber ILS market is still in its infancy. So what's holding them back?

ILS Investors Have Been Bitten By Natural Catastrophe Risk

Overall, the ILS market has not grown as much as some market participants had expected it to five years ago. The main reason for this limited growth is the low investment returns that ILS investors have had since 2017 and the strong performance of the debt and equity markets up until recently. Investors also learned the hard way that they can be exposed to perils that they had not fully modeled and/or priced for, such as wildfires, tornadoes, floods, not to mention the COVID-19 pandemic. Usually, insured losses from these secondary perils are less severe than losses from hurricanes, tropical cyclones, earthquakes, and tsunamis. However, in recent years, secondary perils have increased in frequency, and, in aggregate, resulted in higher losses for investors than they had expected (see chart 2).

Chart 2

image

Hence ILS investors, wary of secondary perils and high-frequency losses, have reduced the ILS capacity available to underwrite risk layers, and are more likely to aggregate deals that cover a sequence of events. This retrenchment has occurred most notably in collateralized reinsurance, reducing the availability of retrocession capacity in recent renewals. In contrast, catastrophe bond issuance has been strong since 2020 (see chart 3). Most catastrophe bond issuers in the past 12 months were repeat issuers, such as Everest Re, SCOR, Pool Re, and Swiss Re, but we have also seen some first-time issuers such as Peak Re, Toa Re, and China Re.

Chart 3

image

Three Characteristics Of The ILS Market

It is a buyers' market

Future returns on ILS look better than they were prior to 2017. Catastrophe bond multiples--that is, the price per unit of risk assumed--have been increasing, making such bonds more attractive for investors. At the same time, investors remain firm about their return expectations. According to Artemis.bm, a provider of news, analysis, and data on the ILS market, the average change between the guidance and final price in catastrophe bond placements in second-quarter 2022 was 10.6% (see chart 4). This is particularly high, as usually the change is either negative or much smaller, and reflects the harder price environment. Furthermore, some recent deals failed to be placed at all, highlighting the ILS market's firm stance on minimum return expectations.

Chart 4

image

Negotiations are not only becoming harder in terms of pricing, but also in reference to terms and conditions. Retentions by cedants have increased and certain perils have been excluded. This is evident from data from our cohort of the top 21 global reinsurers. Cedants used 50.0% of ILS capital as part of their reinsurance program in 2021, slightly down from 51.3% last year (see chart 5). The reduction in risks ceded to ILS is most pronounced for the large global reinsurers. This is due to reinsurers' retention of more risks on their own books in the current hardening pricing environment and the reduction in the retrocession capacity available. For midsize global and other reinsurers, usage of ILS has gone up. This could, among other things, be due to higher premiums written because of rate increases and inflation, and less capacity at the global reinsurers, prompting smaller players to turn to the ILS market.

Chart 5

image

In addition, deals have been structured to allow for adjustments for inflation, another topic of concern for the ILS market. For example, Everest Re's recent Kilimanjaro III Re catastrophe bond issuance introduced an inflation adjustment factor such that if inflation exceeds a certain percentage, the attachment point--the point at which (re)insurance limits apply--will increase accordingly. Other deals have moved away from providing protection for actual loss adjustment expenses.

It is dominated by natural catastrophe risks

In the first quarter of 2022, more than half of ILS deals covered international and multiple U.S. perils, according to Artemis.bm. Most other deals have focused on U.S. hurricanes, floods, and medical benefit claims. There are only a few perils that ILS cover that are not linked to natural catastrophes (see chart 6).

Chart 6

image

Its correlation with the broader financial markets is low

In a recent selloff of financial assets driven by inflation concerns, interest rate hikes, and the Russia-Ukraine conflict, the markets for many of these types of assets, such as equity and bonds, have seen severe downturns. ILS behave differently to such assets as they have less exposure to interest rate duration risk than traditional bond instruments. Most ILS have a component of their performance linked to a benchmark rate, reducing the interest rate risk for investors. Furthermore, ILS' cash flow streams are tied to actuarial risk, the risk that the actuarial assumptions underpinning the price of a policy may prove wrong. This risk is commonly associated with specific natural disasters.

At a time of high market volatility for other asset classes, ILS has allowed investors to obtain liquidity by selling their ILS without realizing losses. This has led to a reduction in investors' assets under management, as they turned to ILS to meet their liquidity needs and avoid crystallizing investment losses. If losses are within investors' expectations this hurricane season, and pricing continues to harden, we could see more ILS capital become available. This could happen if we see the market broaden beyond insurance cedants to, for example, corporate companies or property investment funds, or if the market moved into new perils, such as cyber. However, cyber risks could have a closer correlation with the financial markets.

The Cyber Insurance Market Lacks Capacity

The demand for cyber insurance outstrips the existing capacity. Awareness of cyber risk is increasing, and cyber insurance is becoming an important risk management tool, not only for larger corporates, but also for small-to-midsize enterprises and even retail customers. At the same time, capital across the entire cyber insurance value chain is becoming limited and (re)insurers remain cautious about taking on this type of risk (see "Cyber Risk In A New Era: Reinsurers Could Unlock The Cyber Insurance Market," published Sept. 29, 2021).

Insurers of cyber risk are providing the same or less coverage for a higher price due to the potential for huge accumulation losses and the extreme increase in ransomware and business interruption claims in 2020 and 2021. The volatility within the cyber insurance segment and the evolution of new types of cyber attacks make solutions for the emerging risks key factors in the market's development (see "Cyber Risk In A New Era: The Rocky Road To A Mature Cyber Insurance Market," published July 26, 2022).

Cyber insurance premiums topped $9 billion in 2021, according to Munich Re. We assume that the figure is likely to increase at an average 25% per year to about $22.5 billion by 2025. That forecast growth might seem to be a sign of a burgeoning cyber insurance market, but we expect that the smaller part of the increase in total premiums will result from greater capacity to write policies, or from a significant increase in the size of insurance contracts. We believe that the larger part is likely to come from a significant increase in rates, driven by a supply and demand mismatch and insurers' cautiousness in taking on new risk. Still, cyber insurance is the fastest growing line of business today and in our base-case assumption for the coming years (see chart 7).

Chart 7

image

The Cyber ILS Market Is Still In Its Infancy

A more mature retrocession and ILS market could increase the capacity and support the growth of the cyber insurance market, and lead to better returns on capital because of efficient capital management further down the (re)insurance chain. This is reminiscent of ILS' origins in response to a shortage of (re)insurance capacity from private and public sources for natural catastrophe risks following Hurricane Andrew, which struck the Bahamas, Florida, and Louisiana in 1992.

Despite making some cautious steps in the maturing cyber (re)insurance market, so far, the ILS market has not shown much interest in providing additional capacity. However, if the primary market grows at pace, there may be potential for passing cyber risk on to reinsurers and retrocessionaires, and potentially to the alternative capital market (see "Cyber Risk In A New Era: Reinsurers Could Unlock The Cyber Insurance Market," published Sept. 29, 2021).

Currently, there are no affirmative (explicit) cyber catastrophe bonds or sidecars outstanding, but there have been some small cyber-related ILS transactions in the form of collateralized reinsurance from some of the Bermuda-based ILS carriers. Furthermore, non-affirmative or silent cyber risk exposures already exist in ILS transactions, as cyber events can lead to claims in other lines of business, such as property and liability insurance (see "Cyber Risk In A New Era: Let's Not Be Quiet About Insurers' Exposure To Silent Cyber," published March 2, 2021).

According to PCS, a Verisk business and provider of catastrophe data, around 90% of ILS fund managers are concerned about the potential for silent cyber exposure within their funds. Since silent cyber claims can have a detrimental impact on other insurance lines of business, ILS funds with exposure to operational or property risk already carry the costs of silent cyber risk. The question is, are ILS investors sufficiently rewarded for that risk, and was their intention to expose themselves to cyber risk in the first place?

ILS structures focusing on clearly defined cyber events would help to separate cyber from property risks. A clear separation would not directly solve the issue of silent cyber, but it would further highlight the need for clear and robust cyber risk exclusions further down the (re)insurance value chain to prevent silent cyber claims. Furthermore, it could encourage clearer inclusions and exclusions of perils within cyber insurance contracts, thereby improving transparency, potentially for ILS investors as well.

Cyber Risks Disincentivize More Than Incentivize ILS Investors

The strong growth rates in the cyber insurance market might prompt ILS asset managers to consider cyber risk when evaluating new opportunities for expansion. Institutional investors seek portfolio diversification, while the insurance industry is seeking additional capacity. Furthermore, cyber risks are fairly new as underlying risks, and could improve diversification for investors focusing on first-party cyber risks, like forensic costs, crisis communication, and business interruption, and third-party cyber risks like data breaches, network interruption, and media liability. Further incentives are the underlying industry growth; rate hardening and improvements in profitability; potential diversification benefits; a lack of correlation with most other underlying ILS risks, such as natural catastrophes; and improved modeling capabilities and risk awareness over the past two years (see table 1).

However, we believe that disincentives currently outweigh incentives for ILS investors when it comes to cyber risks. Cyber insurance is a more capital-intensive line of business than pure property-catastrophe insurance, since the third-party risk implies a longer tail. Further key challenges are potential accumulation risks and interrelated losses, and the complexity and heterogeneity of insured perils. The accumulation of claims within a cyber insurance portfolio can expose an insurer to high financial losses. A severe natural catastrophe can also affect many countries, but is usually limited to a certain region. Cyber risks are not limited by region and can easily spread across the globe in a few seconds. As evident from attacks like NotPetya and WannaCry, there is significant accumulation potential due to increasing digital interconnectivity and interfaces along multiple supply chains.

In addition, the cyber market's initial focus was on capacity in proportional reinsurance, instead of excess-of-loss reinsurance structures, which ILS investors appear to prefer. Cyber excess-of-loss reinsurance contracts are still in a build-up phase, but most contracts written are on a risk-attaching basis. This is not attractive to ILS investors, as losses on those underlying contracts are ceded to the reinsurer, regardless of when they occur. As a result, exposure is not confined to the period of the contract and could last multiple years. But the recent move to claims-made structures, which shorten the tail of the exposure to a year, could make cyber insurance more interesting for ILS investors.

Table 1

Disincentives Outnumber Incentives For ILS Investors In The Cyber Space
Incentives Disincentives
Significant growth in the cyber insurance market and underlying cyber incidents Large accumulation risk, given the potential for interrelated losses
Diversification benefit for investors thanks to different underlying risks The complexity and heterogeneity of insured perils, with different first- and third-party risks
The potential for recent moves to claims-made structures to shorten the tail The potential for a longer tail compared to property-based natural catastrophe bonds
Improvements in profitability thanks to rate hardening A potential positive correlation with the capital markets
Elevated cyber awareness across small-to-midsize enterprises, larger organizations, and critical infrastructure Short data history and the dynamic nature of cyber risk
Improving modeling capabilities Silent cyber exposure
Divergent policy wordings and exclusion definitions
Cyber risks could have a positive correlation with the financial markets

Data breaches may weaken equity prices and widen credit default swap spreads in the short term, increasing the link between cyber events and the financial markets. In a study in 2020, we analyzed the impact of cyberattacks (data breaches) from 2007 to 2019 for 32 rated companies from the technology, financial institution, and corporate sectors for a total of 41 events (see "Cyber Risk In A New Era: Recent Cyber Events And Impact On Company Financials," published Oct. 23, 2020). A key conclusion was that the data breaches did not have a lasting effect on revenue and EBITDA, as there was no clear evidence of declines in quarterly revenue attributed to the data breaches. However, most data events did cause a drop in equity prices after the event had been reported in the news, although they rebounded and normalized in subsequent weeks (see chart 8).

Chart 8

image

Some data breach events caused a rise in credit default swap spreads after the event was reported, normalizing in subsequent weeks (see chart 9).

Chart 9

image

However, our study only covered cyber events involving data breaches. An additional key risk we did not analyze was accumulation risk, as cyber risks can easily spread across the globe. Hackers exploit systemic weaknesses in digital business systems, and cybersecurity approaches need to recognize this to plan for the catastrophic repercussions and increased threats to critical infrastructure.

ILS with exposure to underlying natural disaster risk offer diversification and real returns that are mostly independent of the capital markets. This gives them a clearer diversification profile and shorter tail. In contrast, a big cyber event could trigger a decline or volatility in stock and bond market values, increasing the correlation with the capital markets.

Industry Loss Warranties Could Be A Good Entry Point

Rather than increasing their commitment to cyber, primary insurers are decreasing their own retention levels by ceding higher shares to reinsurers. We assume that primary insurers cede about 45%-55% of cyber insurance premium to reinsurers, up from about 35%-45% roughly a year ago. This underscores the importance of the reinsurance industry providing cyber capacity. Ongoing improvements in the definition of insured cyber-event triggers and the language used for the terms and conditions, as well as recent moves to claims-made structures that shorten the tail of the exposure, might increasingly motivate (re)insurers to access alternative forms of capital. Given the underlying systemic nature of cyber risk, scenario modeling will be key for investors when taking on cyber insurance underwriting risks. Leading insurers in the field of cyber insurance and modeling agencies like PCS, Kovrr, DeNexus, and Cyber Cube play an important role and strive to continuously improve their modeling capabilities.

We see an opportunity for the ILS sector to be the first to focus on ILW products using industrywide estimates for each event, resulting in a cyber industry loss index trigger. Around 25% of the total current catastrophe bonds and ILS already have an industry loss index trigger. PCS provides such industry loss estimates for global cyber loss events and reports when a firm believes that an event is likely to cause more than $20 million in insured losses. Factors that PCS includes are "actual reported losses", "reserves that are set", and "any information on insured losses from announcements, news stories, regulatory filings, and conversations with industry stakeholders". Focusing more on ILWs using industry loss triggers would help investors to improve their understanding of cyber tail risk and could be an entry point for the ILS sector.

In view of the challenges mentioned above, cyber ILS transactions can be very complex, and complex transactions are likely to fail. A more simplified approach, starting with only one defined cyber peril, such as a cloud outage, a service provider outage, or an attack on critical infrastructure, instead of multi-peril agreements, will help investors better understand the underlying risk, and, as a result, quantify their risk exposure.

Chart 10

image

A parametric trigger is a predefined event--for example, a global cloud outage--that triggers the payment of a set amount according to a pre-agreed schedule. Such events can refer to an industry-based trigger with pre-agreed limits, paying out, for example 50% or 100% of an insured sum based on an independent and verifiable parameter without a lengthy claims settlement process. Recent improvements, especially for trigger mechanisms, increase the potential for ILS participation.

A Simpler Approach Could Increase ILS Investors' Appetite For Cyber Risk

One way of attracting ILS investors to the cyber insurance space could be to offer different underlying cyber risks that could improve the diversification profile of ILS funds. Another way could be to focus on simplified and affirmative cyber transactions with clear peril definitions, and establish ILW products that have a cyber industry loss index trigger. This more cautious approach would help investors improve their understanding of cyber tail risk. Having more entry points for investors and opportunities for (re)insurers to transfer specific and clearly defined risks to the capital market could help to sustain the cyber insurance value chain.

To date, the appetite among ILS investors for cyber risk is rather limited and varies heavily, according to feedback from ILS managers. Some investors have even said they have no appetite for cyber risks at all. That is mainly due to the substantial accumulation risk, the potential positive correlation between cyber attacks and the financial markets, and the complexity and heterogeneity of cyber risks. Furthermore, cyber modeling is still in its infancy, many years behind natural catastrophe modeling, and less reliable, although information about cyber-related claims and response strategies is growing. Consequently, in our view, the cyber ILS space will grow rather slowly and is likely to remain niche in the short-to-medium term.

Related Research

This report does not constitute a rating action.

Primary Credit Analysts:Manuel Adam, Frankfurt + 49 693 399 9199;
manuel.adam@spglobal.com
Maren Josefs, London + 44 20 7176 7050;
maren.josefs@spglobal.com
Johannes Bender, Frankfurt + 49 693 399 9196;
johannes.bender@spglobal.com
Secondary Contacts:Simon Ashworth, London + 44 20 7176 7243;
simon.ashworth@spglobal.com
Taoufik Gharib, New York + 1 (212) 438 7253;
taoufik.gharib@spglobal.com
Cristina Polizu, PhD, New York + 1 (212) 438 2576;
cristina.polizu@spglobal.com
Tiffany Tribbitt, New York + 1 (212) 438 8218;
Tiffany.Tribbitt@spglobal.com
Research Contributors:Ruchika Agrawal, CRISIL Global Analytical Center, an S&P Global Ratings affiliate, Mumbai
Rachit Chauhan, CRISIL Global Analytical Center, an S&P Global Ratings affiliate, Mumbai

No content (including ratings, credit-related analyses and data, valuations, model, software, or other application or output therefrom) or any part thereof (Content) may be modified, reverse engineered, reproduced, or distributed in any form by any means, or stored in a database or retrieval system, without the prior written permission of Standard & Poor’s Financial Services LLC or its affiliates (collectively, S&P). The Content shall not be used for any unlawful or unauthorized purposes. S&P and any third-party providers, as well as their directors, officers, shareholders, employees, or agents (collectively S&P Parties) do not guarantee the accuracy, completeness, timeliness, or availability of the Content. S&P Parties are not responsible for any errors or omissions (negligent or otherwise), regardless of the cause, for the results obtained from the use of the Content, or for the security or maintenance of any data input by the user. The Content is provided on an “as is” basis. S&P PARTIES DISCLAIM ANY AND ALL EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR USE, FREEDOM FROM BUGS, SOFTWARE ERRORS OR DEFECTS, THAT THE CONTENT’S FUNCTIONING WILL BE UNINTERRUPTED, OR THAT THE CONTENT WILL OPERATE WITH ANY SOFTWARE OR HARDWARE CONFIGURATION. In no event shall S&P Parties be liable to any party for any direct, indirect, incidental, exemplary, compensatory, punitive, special or consequential damages, costs, expenses, legal fees, or losses (including, without limitation, lost income or lost profits and opportunity costs or losses caused by negligence) in connection with any use of the Content even if advised of the possibility of such damages.

Credit-related and other analyses, including ratings, and statements in the Content are statements of opinion as of the date they are expressed and not statements of fact. S&P’s opinions, analyses, and rating acknowledgment decisions (described below) are not recommendations to purchase, hold, or sell any securities or to make any investment decisions, and do not address the suitability of any security. S&P assumes no obligation to update the Content following publication in any form or format. The Content should not be relied on and is not a substitute for the skill, judgment, and experience of the user, its management, employees, advisors, and/or clients when making investment and other business decisions. S&P does not act as a fiduciary or an investment advisor except where registered as such. While S&P has obtained information from sources it believes to be reliable, S&P does not perform an audit and undertakes no duty of due diligence or independent verification of any information it receives. Rating-related publications may be published for a variety of reasons that are not necessarily dependent on action by rating committees, including, but not limited to, the publication of a periodic update on a credit rating and related analyses.

To the extent that regulatory authorities allow a rating agency to acknowledge in one jurisdiction a rating issued in another jurisdiction for certain regulatory purposes, S&P reserves the right to assign, withdraw, or suspend such acknowledgement at any time and in its sole discretion. S&P Parties disclaim any duty whatsoever arising out of the assignment, withdrawal, or suspension of an acknowledgment as well as any liability for any damage alleged to have been suffered on account thereof.

S&P keeps certain activities of its business units separate from each other in order to preserve the independence and objectivity of their respective activities. As a result, certain business units of S&P may have information that is not available to other S&P business units. S&P has established policies and procedures to maintain the confidentiality of certain nonpublic information received in connection with each analytical process.

S&P may receive compensation for its ratings and certain analyses, normally from issuers or underwriters of securities or from obligors. S&P reserves the right to disseminate its opinions and analyses. S&P's public ratings and analyses are made available on its Web sites, www.spglobal.com/ratings (free of charge), and www.ratingsdirect.com (subscription), and may be distributed through other means, including via S&P publications and third-party redistributors. Additional information about our ratings fees is available at www.spglobal.com/usratingsfees.

 

Create a free account to unlock the article.

Gain access to exclusive research, events and more.

Already have an account?    Sign in