Hidden Cyber Risk Could Cause US Property Insurance to Rise

So far the US property insurance market has not been incorporating the price of cyber risks in commercial policies—even though dangers are accumulating in this area. That may change if carriers follow the recommendations in a report issued this week from CyberCube, along with AM Best and Aonl.

It stated that cyber exposures accumulating in the United States’ property insurance market could result in $12.5 billion in non-physical damage losses and could cause certain carriers’ capital adequacy ratios to deteriorate.

The report concluded that, “while current levels of cyber exposure within US commercial property are manageable by the property industry as a whole, the exposure could have ratings impacts for a section of the property market. The large growth in cyber exposures anticipated over the next few years will challenge the industry’s ability to cope with rapidly increasing risks.”

The research notes a mixture of regulatory pressure and good portfolio management practice is driving carriers to explicitly exclude (or affirm) cyber coverage from non-standalone policies, “where ‘silent’ cyber exposure may exist. However, it is becoming apparent that insurance carriers, while starting to offer explicit cyber coverage in US commercial property policies, may not typically be underwriting or pricing the risk, accordingly.”

Furthermore, “sufficient cyber risk is accumulating in the US property market to trigger a one-in-100-year loss” of the magnitude that would be enough to cause a downward transition of the Best’s Capital Adequacy Ratio (BCAR) for 18 US property carriers.

BCAR is a rating that assesses the strength of an insurance company’s balance sheet.

For the study, CyberCube created a sample portfolio based on the US small business property industry and subjected it to modeled cyber loss scenarios, quantifying non-physical damage losses.

The results of this analysis were then used by financial ratings agency AM Best to assess the impact on the balance sheets of 579 US  property insurers. Aon assisted with quantifying the risks and exposures written back into property policies and highlighting some best practices for managing these risks.

The Dreaded Drop in BCAR Level

The analysis revealed that of the 579 property insurers analyzed, 12 carriers fell one level in the BCAR, four dropped two levels, and two insurers each fell three levels and four levels respectively. It is important to note that BCAR assessments are not the sole determinant of a company’s financial strength rating. Other factors such as reinsurance, diversification, and liquidity are considered to evaluate balance sheet strength. However, a significant deterioration in the BCAR assessment may lead to a downgrade of an insurer’s financial strength rating.

The report warns that cyber exposures in the US property market may be unaccounted for in carriers’ enterprise risk management strategies.

Rebecca Bole, CyberCube’s head of industry engagement, said in prepared remarks that “the modeled loss figure of $12.5 billion suggests that the US property market is exposed to $9.5 billion of attritional losses and $3 billion of catastrophic losses in the return period. It is apparent that the property market is already paying attritional losses for non-affirmative cyber coverage.”

Losses of $12.5 billion are relatively low when placed in the context of natural catastrophes, Sridhar Manyem, AM Best’s director, industry research noted, but “considering these exposures are often unpriced or unaccounted for in enterprise risk management, the impact on carriers can be significant and more importantly, unexpected.”

Cyber scenarios used by CyberCube to analyze the impact on the US property industry were large-scale data losses, large-scale ransomware attacks and a targeted ransomware attack on a medical devices manufacturer.