Potential losses across re/insurers’ cyber portfolios could be reduced by more than 40% through diversification and close to 60% through mitigation, according to CyberCube.

The cyber specialist found that diversification across geography, revenue, industry and technology can lower potential losses by up to 42%, while measures such as strong patch management, network segmentation and robust back-up protocols can cut tail losses by up to 57%, particularly in the case of widespread ransomware attacks.

Jon Laux, vice-president of analytics at CyberCube, said: “The cyber insurance market has experienced rapid and sustained growth over the past several years, emerging as a catastrophe-exposed and capital-intensive line of business. This trajectory, while promising, heightens the need to understand the role of diversification and risk mitigation – two themes that have been extensively examined in natural catastrophe insurance, but remain comparatively underexplored in cyber.”

Cyber risk is still heavily concentrated in the US, which accounts for around two-thirds of the global cyber insurance market. Many of the most severe tail events are also linked to US-based technologies, particularly operating system providers and major cloud service firms.

CyberCube added that while achieving the full benefits of diversification is challenging given the market’s current reliance on US policyholders and technology firms, this dependence is likely to lessen as European and Asian markets continue to grow. The company expects these regions to see faster expansion than the US in the coming years.

---