Cyber Risks – A Reinsurer’s Perspective on Exposure & Claims EMEA Claims Conference 2018, Rüschlikon, 6th – 7th March, Anthony Cordonnier


Post on 01-Jun-2020


Cyber: a claims sprint through the last year (and a bit…)


Sources: flyertalk.com; businessinsider.com; wikipedia.org; bleepingcomputer.com; wikipedia.org; google.com


Cyber coverage: trends & challenges


Cyber coverage landscape


Affirmative cyber covers

Data Restoration

Regulatory Defence

Cyber Extortion

Incident Response Costs (might include Notification, Forensics, PR, Monitoring)

Communication and Media Liability

Business Interruption (BI) and Contingent Business Interruption (CBI)

Data Privacy Liability

Network and Information Security Liability

Third party covers

First party covers


Underlying coverage trends


System failure coverage (named vs. open perils)

Contingent business interruption

Cyber creep in GTPL (and other) policies

Bodily injury / property damage extensions in cyber policies

Lack of standardized wordings

Critical infrastructure

War

Confiscation / seizure


Traditional treaty reinsurance structures applied to cyber (1/2)


Quota share

Risk XL

Alignment of interests

Solvency relief

Expenses funding

No protection against large losses

Large loss protection

Accumulation of retentions in case of event hitting multiple insureds


Aggregate XL

Stop loss

Event XL

Traditional treaty reinsurance structures applied to cyber (2/2)

Earnings protection

Capital relief

Lack of alignment of interests

Cost

One retention in case of large event

Difficulty in defining event

Complexity of a line of business that has multiple triggers


• Some reinsurance wordings include loose event definitions

When determining what shall be considered a single event, the Reinsured may include a single act or a series of related acts, and may consider objective factors including when and where such act(s) are executed, whether they are performed by the same perpetrator, whether they use the same technique or malware, and if they target insureds operating in the same industry segment.

• Current geopolitical climate is driving a push from brokers to weaken war exclusions

War, per the Reinsured's policies. However, this shall not apply to:

a. Loss or damage arising out of or caused by an act of terrorism as defined in the Definitions Article; or

b. Loss or damage occasioned by riots, strikes, civil commotion, vandalism, malicious damage, including acts committed by agents of any government, party or faction engaged in war, hostilities or other warlike operation, provided such agents are acting secretly and not in connection with any operations of military or naval armed forces in the country where the interests insured are situated.

As always, the devil is in the wording…


Quantifying cyber risks & accumulation


The traditional actuarial approach


Source: Swiss Re Economic Research & Consulting


The challenges in applying traditional methods to cyber risks


Lack of empirical data

Lack of historical data

Lack of common reporting standards for data breaches

Lack of understanding of rare & severe risks

Fluidity of risk drivers

New actors & new attack methods

The human element

Accumulation potential

IT monoculture

Cloud services

Correlated vulnerabilities


Cyber accumulation – main scenario clusters

Data Breach (Impact on personal data)

• Personal data and credit card data are stolen from several data banks using the same systems

Critical Infrastructure (With or without property damage)

• A virus is blocking the cooling system of several generators that subsequently start to burn

• Malware affecting a transmissions operator leads to a blackout (without property damage)

DDoS / IO (Distributed Denial of Service / Interruption of Operations)

• Coordinated attack that affects many e-sales portals

• Attack on clouds

• Widespread internet outage


Silent cyber


Silent cyber exposure matters because…

Source: PRA consultation paper CP 39/16

…it constitutes a real risk

…it’s getting on regulators’ agenda

Traditional property insurance policies are expected to cover physical damage and business interruption from incidents like the cyber attack on a German steel mill in 2014

By its nature, silent cyber risk is not always identified, managed and monitored and may be a material risk for firms

“The PRA expects firms to robustly assess and actively manage their insurance products with specific consideration to silent cyber risk exposure”


Unless explicitly excluded, cyber risks might be covered by most conventional insurance policies

Extent of cyber risk coverage

Non-affirmative/silent

Affirmative/explicit

Partially excluded (e.g. NMA 2914)

Fully excluded (e.g. CL 380)

Silent cyber exposure:

• Depending on the scope of insuring agreements, losses caused by cyber perils might be silently covered in most conventional insurance policies

• Silent cyber can creep into policies where cyber exclusions are not fully exhaustive

• The trend towards digitization and new technologies such as IoT, smart homes and autonomous cars is likely to increase silent cyber exposure under conventional lines

• Underwriters should carefully assess how silent cyber exposure might impact loss severity and frequency

• Understanding silent cyber exposures in conventional lines is key to actively managing accumulation

Silent cyber in…

Property

General Liability

E&O

D&O

Motor

Other LoBs

Marine

Engineering


The limits of insurability


“Our adversaries are becoming more adept at using cyberspace to threaten our interests and advance their own, and despite improving cyber defenses, nearly all information, communication networks, and systems will be at risk for years.”

A world of many threats


Daniel R. Coats, Director of National Intelligence, Senate Select Committee on Intelligence, May 2017

“What I see frightens me. I am frightened because our enemies are no longer known to us. They do not exist on a map. They are not nations, they are individuals. And look around you. Who do you fear? Can you see a face, a uniform, a flag? Our world is not more transparent now. It is more opaque. It is in the shadows.”

‘M’, Skyfall


Criminal acts, terrorism, war: a blurred line


Losses arising out of malicious acts committed against an insured

Losses arising out of criminal / wilful acts committed by an insured

Losses resulting from act of cyber terrorism

Losses resulting from act of war


A few thoughts for the future


Role of governments

Role of pools

Role of financial markets


Legal notice


©2018 Swiss Re. All rights reserved. You are not permitted to create any modifications or derivative works of this presentation or to use it for commercial or other public purposes without the prior written permission of Swiss Re.

The information and opinions contained in the presentation are provided as at the date of the presentation and are subject to change without notice. Although the information used was taken from reliable sources, Swiss Re does not accept any responsibility for the accuracy or comprehensiveness of the details given. All liability for the accuracy and completeness thereof or for any damage or loss resulting from the use of the information contained in this presentation is expressly excluded. Under no circumstances shall Swiss Re or its Group companies be liable for any financial or consequential loss relating to this presentation.