Lockton Re has released a new report addressing the potential role of government-backed reinsurance in managing large-scale cyber risks.
The report explores how insurers and governments could collaborate to prepare for a catastrophic cyber event that could exceed the capacity of the private insurance market.
The report highlighted historical examples where governments have played a role in financial recovery following major disasters. It cites models such as Flood Re, Pool Re, the Australian Reinsurance Pool Corporation, and the US Terrorism Risk Insurance Program as frameworks that emerged in response to significant events.
Lockton Re said that these initiatives have helped stabilize markets where private insurance coverage was limited or unavailable.
Brian Lewis (pictured above), cyber practice leader for North America at Lockton Re, acknowledged that the idea of a government backstop remains a topic of debate and that executing such an initiative presents challenges.
However, he said developing a cyber risk pool proactively allows for structured planning rather than reactive measures following a crisis.
According to the reinsurance broker, the global cyber reinsurance market remained active in the second half of 2024, influenced by industry developments, market capacity shifts, and high-profile cyber incidents.
This period also saw continued profitability for the cyber reinsurance sector, with new entrants adding capacity, competition affecting rates, and increased focus on systemic risks.
Lockton Re also noted the increasing reliance on technology and the corresponding rise in cyber threats. In 2023, more than 420 million cyberattacks were recorded across 160 countries.
While most incidents have had limited financial impact, the risk of a large-scale event remains. The report questions whether the insurance industry’s current reliance on policy exclusions to limit exposure will be sufficient in the face of a major cyber catastrophe.
The report noted that an open discussion is needed on the role of government in supporting cyber risk coverage. It suggested that the insurance industry and policymakers focus on defining a minimum viable risk pool, allowing for gradual refinement over time.
Establishing such a framework before a major cyber event occurs, the report said, would be more manageable than implementing one in the aftermath.
What are your thoughts on this story? Please feel free to share your comments below.
