A promising segment of the underwriting industry is one of the fastest growing, directly contradicting recent statements by the head of Switzerland's largest insurer.
It was not long ago that Zurich head Mario Greco said that cyber-attacks would become uninsurable, calling on governments to set up private-public schemes to handle them in the way that some countries do for earthquakes and terror attacks.
Now it seems that the UK-based Lloyds of London's underwriting division, Beazley, is proving the complete opposite. As the «Financial Times» reported Monday (paywall), the unit has launched the first catastrophe bond for cyber threats. According to the newspaper, the step opens up one of the fastest-growing areas of the industry to investors - and it is also something that clearly goes against Greco's previous statements.
Triggered Losses
The interest rate on the $45 million-dollar private bond was not disclosed although it was structured to pay the principal to Beazley if the total claims from a cyber-attack involving its clients came out to more than $300 million, the FT indicated. Additional tranches may follow later this year, with the transaction being seen as an important step in providing an investment outlet for the insurance-linked securities market when it came to cyber risk.
Catastrophe bonds function as normal ones do by repaying interest, usually at a floating rate, and then returning the principal when the instrument matures. Investors can potentially incur a loss when certain, specific triggers occur. With other linked products, the triggers are usually related to hurricane claims and damages from other natural disasters.
Expanded Scope
Michael Stahel, a partner at LGT Capital Partners, welcomed the new and expanded scope of catastrophe bonds when asked by finews.com. Those kinds of placements are already well established in the private investment market as non-securitized investments or so-called «collateralized reinsurance». Such coverage had not often been seen in the catastrophe bond segment given the challenges pertaining to risk assessment and transparency.
A catastrophe bond is driven by the pre-defined trigger, and as such, they have a low correlation with overall financial market developments. But a large cyber-attack that takes out a financial market trading platform wholesale could, among other things, not only lead to massive dislocation but render any immunity to market turbulence largely void.
Rising Damages
Payments from cyber insurance have risen dramatically in recent years, with ransomware attacks paralyzing critical infrastructure.
The overall market for such insurance is about $10 billion dollars a year in premium volume, according to the «Financial Times», with some industry forecasts predicting it could rise to about $40 billion annually relatively soon.
Domestic Threats
Whether they are insured or not, both companies and governments are increasingly in a position where they have to protect themselves from hostile attacks on their IT infrastructure. According to Check Point Research (CPR) data, the number of cyber-attacks in Switzerland rose 61 percent last year compared with 2021. Those experiencing the most attacks –weekly – were the manufacturing (752), finance (623), and government/military sectors (569).
The worldwide volume of cyber-attacks reached about 1,168 on average a week per company last year, an all-time high. And for the whole year, cyber-attacks against company networks were up 38 percent globally.
Entry Portal
A favorite tactic of hackers is to use loopholes in corporate processes. In expert circles, they are called «business process compromise», whereby cyber-criminals search for any logic discrepancies that they can use for their own benefit.
Blackmail attempts are also up in the wider ransomware ecosystem, the CPR indicates. Phishing attacks are particularly favored as are weaknesses in office collaboration tools such as Slack, Teams, OneDrive, and Google Drive. They are usually sources of sensitive data, particularly given the fact that a large number of employees now work from home remotely.
Academic institutions that were forced to digitalize rapidly as a result of the pandemic have also become a favored playground for hackers. Many of them were caught unprepared by the sudden shift towards online learning, providing cyber-criminals ripe opportunities to penetrate their networks.
