Insurance Day is part of Maritime Intelligence

This site is operated by a business or businesses owned by Maritime Insights & Intelligence Limited, registered in England and Wales with company number 13831625 and address c/o Hackwood Secretaries Limited, One Silk Street, London EC2Y 8HQ, United Kingdom. Lloyd’s List Intelligence is a trading name of Maritime Insights & Intelligence Limited. Lloyd’s is the registered trademark of the Society Incorporated by the Lloyd’s Act 1871 by the name of Lloyd’s.

This copy is for your personal, non-commercial use. For high-quality copies or electronic reprints for distribution to colleagues or customers, please call UK support +44 (0)20 3377 3996 / APAC support at +65 6508 2430

Printed By


Cyber catastrophe event could top $33bn

Comparison of cyber model outputs finds one-in-200-year event loss estimate ranges from $15.6bn to $33.4bn

Analysis by Guy Carpenter of cyber catastrophe models finds a range of estimates for a one-in-200-year event, with ransomware and malware the biggest driver of losses

A major global cyber event could cause losses of more than $33bn, Guy Carpenter has estimated.

Analysis of cyber catastrophe models conducted by the international broker found a range of loss estimates for a one-in-200-year cyber event of between $15.6bn and $33.4bn.

Although this was a wide range of estimates, Guy Carpenter said the divergence between cyber catastrophe models had become narrower compared with previous years.

The variation between models increased when looking at a one-in-50-year cyber event, with competing models putting potential losses at between $5.5bn and $23.4bn.

Guy Carpenter compared cyber catastrophe models from CyberCube, Cyence and Moody’s RMS by using its own data sets, including its database of policy terms and conditions and claims data, with the tools provided by the vendors.

The reinsurance broker also based its estimates on a total industry premium of $14bn.

CyberCube consistently had the highest estimates and Moody’s RMS the lowest, the analysis found. 

Across all three models, there was consensus a ransomware or malware event would be the largest driver of losses in a one-in-200-year event, with cloud outages and data theft also key scenarios that could cause losses.

Similarly, business interruption and contingent business interruption together formed the largest component of losses in all three models, albeit with significant variation between them.

Guy Carpenter said since its last analysis of cyber catastrophe models in 2019, there has been a greater recognition of the impact third-party and supply chain dependencies can have on businesses, with contingent business interruption now playing a much larger role in losses.

A lack of data to model cyber risks and exposures is seen by many as one of the key barriers to much-needed capital entering the market. Many re/insurers and capacity providers are concerned they do not fully understand their exposure to accumulation risks in the event of a major cyber incident, for example a major cloud provider outage.

Insurance-linked securities are also heavily reliant on dependable modelling to attract capital from investors who are wary of their exposure to cyber perils that have not been fully modelled or priced for. For the launch of its cyber catastrophe bond earlier this year, Beazley worked with CyberCube to model risk .

The industry is also working towards an open data standard, launched by Oasis Loss Modelling Framework in February, which it hopes will help improve modelling and bring capacity into the market.

Erica Davis, global co-head of cyber at Guy Carpenter, said improvements in the quality of data were “instrumental” in attracting capital to the cyber market.

“As the models continue to evolve, reinsurance buyers and sellers will be able to home in on what truly differentiates each portfolio and more accurately identify, price and trade key catastrophe risk,” Davis said.

While the size of these modelled losses would have an impact on the market, re/insurers had shown resilience to large catastrophe events in other lines, Anthony Cordonnier, also global co-head of cyber, said.

“In most cases these [losses] should not be insurmountable,” he added.

Related Content





Ask The Analyst

Ask The Analyst - Ask Your Question Send your question to our team of expert analysts. You can: • Ask for background information on/explanation of articles in Insurance Day * • Find out more about our views on industry developments • Ask for an interpretation of market trends • Source supplementary data relating to articles • Request explanations to further your understanding of current issues (* This relates to any Insurance Day that is included as part of your subscription) We will do the research and get back to you personally with the information you need.

Your question has been successfully sent to the email address below and we will get back as soon as possible. my@email.address.

All fields are required.

Please make sure all fields are completed.

Please make sure you have filled out all fields

Please make sure you have filled out all fields

Please enter a valid e-mail address

Please enter a valid Phone Number

Ask your question to our analysts