Cyber cat modelling 'fit for ILS trading'
Broker Lockton says there has been ‘undeniable progress’ in the methodology and data behind cyber risk models
Main barriers to cyber-ILS products could all now be mitigated to a point where investors would be happy to enter the market, Lockton says
Cyber catastrophe modelling is mature enough to be used to support a cyber insurance-linked securities (ILS) market, Lockton Re has said.
The global reinsurance broker has said there had been “undeniable progress” in the methodology and data behind cyber catastrophe modelling, and cyber models were “fit for purpose to support investment trades”.
“The mechanisms and methodology behind cyber modelling are becoming better understood, and the strength of the data and frameworks being utilised is increasing all the time,” said Oliver Brew, London cyber practice leader for Lockton Re
“[This means] the potential for cyber-ILS investments can be leveraged to play a critical role in unlocking capacity required to continue developing the wider cyber insurance market,” he said.
In a white paper, written in conjunction with cyber risk analysts CyberCube, the broker added the market was at a point where the main barriers to cyber-ILS products – including concerns over systemic and accumulative losses – could all be mitigated to a point where investors would be happy to enter the market.
Despite being one of the fastest-growing lines of business, cyber has often struggled to find capacity, in part because of concerns about large accumulation events such as major malware attacks or major cloud computing outages.
An ILS catastrophe product has long been touted as a way to manage these types of accumulation risks and entice more capacity into the market, with Beazley launching the first cyber cat bond earlier this year. And last week, managing general agent Parametrix said it was developing a parametric-based ILS structure to provide cover for major cloud outages.
But, unlike natural catastrophes – a line where ILS products are more traditionally used – cyber risks are seen to pose more of a challenge when it comes to modelling and limiting risk exposure.
However, Lockton argued the cyber re/insurance market had a better handle on the accumulation risk than it was often given credit for and was getting better at collecting cyber risk data.
The whitepaper also said better intelligence on threat actors was helping to mitigate cyber risks, arguing that the human nature of cyber made them predictable.
"Intelligence on these threat actors, methods and targets is actively reported via structured data disseminated by the cybersecurity community," the paper said. "Trends in this data can be identified and models can be recalibrated accordingly."
On the accumulation risk problem, Lockton said there was enough segmentation build into large global internet infrastructure providers – both geographically and in the technology used – to make the threat of a global cascading attack "extremely remote".
It also said exclusions over war, state-on-state attacks and attacks on critical infrastructure were more commonly becoming standard.