Hidden cyber risk in US property market could lead to over $12 billion in losses

According to a new study conducted by CyberCube, AM Best and Aon, sufficient cyber risk is accumulating in the US property market to trigger a one-in-100-year loss of over $12 billion.

A loss of this magnitude would be enough to cause a downward transition of the Best’s Capital Adequacy Ratio (BCAR) for 18 US property carriers.

For the study, “Spotlight on Cyber: A study of aggregation risk in the US property insurance market”,  cyber risk analytics expert CyberCube created a sample portfolio based on the US small business property industry and subjected it to modelled cyber loss scenarios, quantifying non-physical damage losses.

The results of this analysis were then used by financial ratings agency AM Best to assess the impact on the balance sheets of 579 US property insurers.

Aon assisted with quantifying the risks and exposures written back into property policies and highlighting some best practices for managing these risks.

The analysis revealed that of the 579 property insurers analysed, 12 carriers fell one level in the BCAR, four dropped two levels, and two insurers each fell three levels and four levels respectively.

The report concluded that, while current levels of cyber exposure within US commercial property are manageable by the property industry as a whole, the exposure could have ratings impacts for a section of the property market.

Indeed, it suggests, the large growth in cyber exposures anticipated over the next few years will challenge the industry’s ability to cope with rapidly increasing risks.

The research notes a mixture of regulatory pressure and good portfolio management practice is driving carriers to explicitly exclude (or affirm) cyber coverage from non-standalone policies, where “silent” cyber exposure may exist. However, it is becoming apparent that insurance carriers, while starting to offer explicit cyber coverage in US commercial property policies, may not typically be underwriting or pricing the risk accordingly.

As such, the report warns that cyber exposures in the US property market may be unaccounted for in carriers’ enterprise risk management strategies.

Rebecca Bole, CyberCube’s head of Industry Engagement, said: “CyberCube’s modelled loss figure of $12.5 billion suggests that the US property market is exposed to $9.5 billion of attritional losses and $3 billion of catastrophic losses in the return period. It is apparent that the property market is already paying attritional losses for non-affirmative cyber coverage.”

Sridhar Manyem, AM Best’s director, Industry Research, added: “While losses of $12.5 billion are relatively low when placed in the context of natural catastrophes, considering these exposures are often unpriced or unaccounted for in enterprise risk management, the impact on carriers can be significant and more importantly, unexpected.”

Jon Laux, Aon’s head of Cyber Analytics, said “As this research shows, quantification of the aggregation potential from cyber-related losses in property policies is very real. With property insurers affirming elements of cyber cover in their policies, insurers are exposed to significant losses, which are not necessarily priced accordingly. Through better information, industry participants will be able to make better decisions about placing cyber risk.”

Cyber scenarios used by CyberCube to analyse the impact on the US property industry were large-scale data losses, large-scale ransomware attacks and a targeted ransomware attack on a medical devices manufacturer.

This report aims to quantify the cyber exposures accumulating in the US property market and calls for further clarification of cyber cover in commercial property policies, explicit underwriting and adequate pricing of the risks associated with cyber events in property policies.

To access the full report click here: Spotlight on Cyber: A study of aggregation risk in the US property insurance market.

AM Best is also hosting a webinar highlighting the findings of the report: if you are interested you can register here.

Follow us on twitter: @risksEmerging

Whenever people ask me what I mean by the phrase "neoliberal university", I tell them my university has a brand new building named after Woodside

The season has no sooner started and already Man United seem to be missing a France international midfielder they can all disagree over. Piece on the Rabiot paradox and what #MUFC would be getting

https://theathletic.com/3486328/2022/08/09/adrien-rabiot-manchester-united/

Serena Williams won her first singles match in 430 days on Monday as she defeated Spain's Nuria Párrizas Díaz 6-4 6-3 at the Canadian Open in Toronto https://cnn.it/3P8CjC3

Linking Senator Hughes to the report on nuclear power undertaken by the LNP when they were in power in 2019 that they did nothing about - obviously she wasn't paying attention at the time (too busy lining her own pockets or pork barrelling one assumes): https://www.aph.gov.au/Parliamentary_Business/Committees/House/Environment_and_Energy/Nuclearenergy/Report https://twitter.com/hollieahughes/status/1556464038431064064

Senator Hollie Hughes @hollieahughes

Over the coming decade, Australia will see higher power prices mixed with an unreliable energy grid, heightening the potential for rationing, brownouts, and even blackouts. We must have an open and honest discussion on advanced and next-generation nuclear energy in this country.

Let’s talk about what exactly #NetOps, #DevOps, #NetSecOps, and #DevSecOps are and how these combined IT approaches are changing how teams work and develop. https://okt.to/EDhW0Z

Load More...
SHARE: