A.M Best has discussed the challenges insurers face when writing cyber liability and what they can do to ensure their own safety.
Speaking to A.M Best TV, senior financial analyst Fred Eslami, said that the next few years will be crucial for cyber risk as interconnectivity continues across the globe.
“In the next few years, there are going to be nearly 50 billion devices connected to the Internet; therefore, expectation is that frequency and severity are going to increase,” Eslami said.
“With this realisation, companies spent US$70 billion in 2014 and US$75 billion in 2015 to protect and address cyber risk.
“We have been focusing on increasing the awareness of cyber security and cyber risk within the community of our rated entities as well as to understand and determine what impact such a risk will have on the financial strength of our companies.”
Eslami said that companies that write cyber liability face three major challenges thanks to a lack of data on the topic as the emerging risk continues to be top of mind.
“There is no, for example, actuarial analysis or result orientated data to do proper pricing, reserving and aggregation so that is one of the challenges,” Eslami continued.
“The next one is the evolving nature of the regulatory and legal environment which the industry is dealing with right now.
“The last one is, of course the rapid transition of legacy systems that we have to more advanced and open-source information technology.”
Eslami noted that once more data for cyber risk becomes available, businesses will be able to operate in the space more successfully and backed a stand-alone product as the way forward.
“I think once the actuarial information is gathered and articulated properly, the legal framework is defined better, there are three ways that we cans see how companies can improve their position vis-e-vis cyber.
“One is to devise and design specific cyber policies instead of including it as part of their CGL or D&O or property coverage. That helps, if nothing else, to reduce the legal costs of defending these cases.
“The next one would be for the companies themselves to come up with a single risk limit.
“These policies that they issue are kind of interconnected and typically you want to have a limit relative to your subclass on the policies that you issue so that is another element that would help eliminate unnecessary expenses.
“The last one would be, again, lack of actuarial studies, to come up with a contingency reserve on the polices or aggregate policies that they issue, again there is no IBNR (incurred but not reported) for cyber so with the contingency reserve that would be covered.”