No longer the new kid on the block of insurance coverages, cyber insurance has matured rapidly against the backdrop of rapid technological advances and an increasingly digitised economy.
Projections on where the market will go next vary – with the Swiss Re Institute expecting premiums to grow to US$23 billion by 2025 while research from Howden indicates the market could be on course for a premium base of $40 billion by 2030. The consensus, however, is clear, cyber risk is continuing to rise and cyber insurance is essential in helping to bridge an ever-growing protection gap amid increasing technological dependence.
Amid the many “aggressive growth projections” of the cyber insurance market and the exciting picture that they paint for P&C, there’s an element of this growth story that doesn’t get talked about quite as much – the capital needed to support that growth. That’s the point of interest for Jon Laux (pictured), VP of Analytics and his team at CyberCube, and the focus of their recent report, ‘Projecting Cyber Insurance Growth’.
The report explored a 10-year projection of the cyber insurance market’s trajectory, under the banner of several different growth scenarios – that of 10%, 20% and 30% annual growth. “We were purposefully not overly specific on the numbers,” he said, “because we didn’t want people to fixate on those numbers but rather on how these growth scenarios could play out and what they would mean in terms of the potential capital need or capital allocation in 10 years time. And where might that capital come from?”
The 20% annual growth marker was the report’s middle scenario, and CyberCube’s report estimated that the approximately US$20 billion of capital allocated to US cyber today, could be US$120 million in 10 years. “So, you’re starting to talk about a non-trivial percentage of the overall P&C market at that point. And obviously, reinsurance has played a big role and will continue to, but the question now is how much of a role will it continue to play?”
ILS is a relatively very new conversation and often when the question of cyber capital is raised, ILS is touted as the solution that’s going to solve everything. Certainly, he said, CyberCube has played an instrumental role in helping to bring ILS to the table as a demonstrable solution – and to champion the ways in which the reinsurance value chain can work together with ILS fund managers to bring new cyber reinsurance capacity to the market. The success of that work has been gratifying and it’s off to a good start but ILS cannot paint the whole picture.
In a scenario where cyber perils become as significant as peak perils, there remains a significant capital question mark. Reinsurance will fill some of the need, and there may be a certain role for the public sector to play in helping to bridge that exposure gap. On the latter front, Laux noted that CyberCube has been actively involved in several discussions about potential public-private partnerships in cyber. While there’s nothing concrete in place right now, when you’re looking at a 10-year horizon, conditions are subject to change.
“One of the other interesting themes that has come up in our conversations with market participants about the future of cyber is around capital efficiency,” he said. “Everybody seems to agree that capital efficiency is going to improve. And we agree, or at least we certainly hope. But it’s interesting that there’s not one right answer for what improving capital efficiency really means.
“For some, it might mean some geographic diversification, to the extent that this is a meaningful metric in cyber, which has not yet been proven. For others, it’s about new kinds of products that are less correlated to existing cyber risk models. For instance, personal cyber has come up as an idea quite often and could present an opportunity for diversification for much of the market. But it hasn’t shown the demand that commercial cyber has.”
Another potential avenue is that of coverage innovation, he said, especially on the reinsurance side. Also interesting to see has been the move towards event-based coverage over time. This is a testament to the fact that cyber models have become better and people are now more comfortable and confident when it comes to trading cyber risks on event definitions – which he expects is a trend that will likely continue.
“Each of these factors paints a picture of where the market stands – and what could shape the market going forward,” he said. “We wrote this report not to end the conversation but to start one. We know the conversation about capital and capital efficiency is one we’re going to have to be talking about a bit more over time, in terms of what this looks like and where we go next.”