Cyber risk accumulating in US property market could trigger a one-in-100-year loss of US$12.5bn - report

Cyber exposures accumulating in the US property insurance market could lead to US$12.5bn in non-physical damage losses, as well as a deterioration in capital adequacy ratios for up to 18 carriers, according to analysis published today.

The joint study, compiled by CyberCube, AM Best and Aon, created a sample portfolio based on the US small business property industry and subjected it to modelled cyber loss scenarios, quantifying non-physical damage losses. The results of this analysis were then used to assess the impact on the balance sheets of 579 US property insurers.

The scenarios used were large-scale data losses, large-scale ransomware attacks and a targeted ransomware attack on a medical devices manufacturer.

Rebecca Bole (pictured), CyberCube’s head of industry engagement, said: “CyberCube’s modelled loss figure of US$12.5bn suggests that the US property market is exposed to US$9.5bn of attritional losses and US$3bn of catastrophic losses in the return period. It is apparent that the property market is already paying attritional losses for non-affirmative cyber coverage.”

Of the 579 property insurers analysed, 12 carriers fell one level in the BCAR, four dropped two levels, and the remaining two fell three levels and four levels respectively. While BCAR assessments are not the sole determinant of a company’s financial strength rating, a significant deterioration in the BCAR assessment can lead to a downgrade of an insurer’s financial strength rating.

The research notes a mixture of regulatory pressure and good portfolio management practice is driving carriers to explicitly exclude (or affirm) cyber coverage from non-standalone policies, where silent cyber exposure may exist. However, it is becoming apparent that insurance carriers, while starting to offer explicit cyber coverage in US commercial property policies, may not typically be underwriting or pricing the risk accordingly.

The report's authors warns that cyber exposures in the US property market may be unaccounted for in carriers’ enterprise risk management strategies.

Sridhar Manyem, AM Best’s director, industry research, said: “While losses of US$12.5bn are relatively low when placed in the context of natural catastrophes, considering these exposures are often unpriced or unaccounted for in enterprise risk management, the impact on carriers can be significant and more importantly, unexpected.”

Jon Laux, Aon’s head of cyber analytics, added: “As this research shows, quantification of the aggregation potential from cyber-related losses in property policies is very real. With property insurers affirming elements of cyber cover in their policies, insurers are exposed to significant losses, which are not necessarily priced accordingly. Through better information, industry participants will be able to make better decisions about placing cyber risk.”

    Share Story:


Cyber risk in the transportation industry
The connected nature of the transport and logistics industries makes them an attractive target for hackers, with potentially disruptive and costly consequences. Between June 2020 and June 2021, the transportation industry saw an 186% increase in weekly ransomware attacks. At the same time, regulations and cyber security standards are lacking – creating weak postures across the board. This podcast explores the key risks. Published April 2022.

Political risk: A fresh perspective
CIR’s editor, Deborah Ritchie speaks with head of PCS at Verisk, Tom Johansmeyer about the confluence of political, nat cat and pandemic risks in a world that is becoming an increasingly risky place in which to do business. Published February 2022.