On Thursday 4 May the SAAX Group hosted chair of the Cyber Risk Working Party Dani Katz to discuss its research.
On Thursday 4 May the SAAX Group hosted chair of the Cyber Risk Working Party Dani Katz to discuss its research. The working party aims to improve the modelling of cyber risk, identifying emerging threats and risk mitigations as well as providing a framework in which capital requirements in respect to cyber risk can be derived. Although Solvency II did not explicitly have capital requirements for cyber risk, some firms making use of their own internal model are increasingly giving some consideration to it within their operational risk assessment.
Risk make-up
Dani went into some detail on the causes of cyber risk, including attacks from hackers and human error. He also delved into the consequences this had in respect to financial loss, data breaches and business interruption. The issue was brought to life using a number of high-profile data breaches. Dani highlighted the potential time lag between occurrence of the breach and the subsequent discovery and business recovery.
Cyber risk is of particular interest to insurers because they hold sensitive personal and financial policyholder data, some of which is housed in legacy systems that are relatively more vulnerable to attack. The increased severity of fines coupled with the spate of recent breaches means the issue of cyber security has gained awareness at the board level.
The talk rounded off with how growth in cyber risk has given rise to the rapidly growing area of cyber insurance, with global premiums forecast to reach $20bn by 2020. Currently, 85-90% of the market is based in the US, although there is the expectation that other financial centres will begin to take their share of the pie as the market continues to grow.
Cyber insurance, with global premiums forecast to reach $20bn by 2020.