[Skip to content]

Sign up for our daily newsletter
The Actuary The magazine of the Institute & Faculty of Actuaries

Insurers warned of ‘silent cyber’ risks

Insurance companies will have to change their modelling techniques if they are to identify ‘silent cyber’ risks hidden in traditional non-cyber products.

Insurers facing silent cyber risks ©iStock
Insurers facing silent cyber risks ©iStock

That is according to a new report from analytics platform CyberCube, which explains how cyber models have traditionally been restricted to property lines of business.

It suggests that these need to expand their scope to cover a much broader range of insurance lines if non-affirmative cyber risks are to be identified and analysed effectively.

The report also warns that concern among reinsurers will compel cedants to eliminate ambiguity in primary insurance contracts, such as business interruption covers.

“Insurers are findings themselves squeezed between regulators and reinsurers, who both want non-affirmative cyber risk to be tackled,” said CyberCube co-founder, Ashwin Kashyap.

“The potential cost implications of failing to address it are frightening.

“Global standalone cyber premiums are estimated to be in the region of $5.5bn (£4.2bn), but the connected exposure from silent cyber is higher by an order of magnitude.”

As many conventional insurance policies were designed in the pre-internet era, they often do not include digital perils or cyber risks, according to the report.

It argues that the rapid growth of cyber insurance has created challenges for claims professionals and carriers seeking to set loss reserves and forecast their capital requirements.

Lloyd’s of London syndicates have until 1 January 2020 to address silent cyber in contracts across all first-party property damage lines of business.

Meanwhile, the Prudential Regulation Authority has written to insurance CEOs stating that a number of traditional lines of business have considerable exposure to silent cyber, including casualty and motor.

"Insurers and reinsurers need to determine accurate cyber loss reserves, but currently it is proving very hard to allocate definitive loss reserves for the development profile of these incidents,” Kashyap said.

“The lack of high-quality, detailed exposure data for established lines of business is a brake on progress. In many cases, incomplete information is being used to provide estimates.

“Insurers will face challenges if they are held responsible for cyber-related claims as a result of ambiguous policy wordings in standard commercial products.”

Sign up to our free newsletter here and receive a weekly roundup of news concerning the actuarial profession