According to a report released by “S&P Global Ratings,” the cyber re/insurance protection gap presents an opportunity for investors in insurance-linked securities (ILS), which historically have filled the gaps when “traditional capital” has either retreated or is unavailable. The report titled “Cyber Risk” in a New Era: The Future For Insurance-Linked Securities In The Cyber Market Looks Uncertain stated that “the demand for protection from cyber risk is increasing, but the capacity offered by the re/insurance sector is not growing at the same pace, leading to significant policy rate rises and a protection gap.”

According to the report, “this protection gap” may present an opportunity for ILS investors to establish themselves in the cyber risk market, much as they did with natural disaster risks following Hurricane Andrew in 1992. However, it should be noted that, as of now, cyber risks have a “greater deterrent” effect than motivating ILS investors. Most investors do not want to take cyber risks, which S&P attributed to “the large accumulation risk, the possible positive correlation between cyber attacks and the financial markets, and the complexity and variety of cyber threats.” Additionally, S&P noted that because “cyber modeling” is still in its infancy and lags natural catastrophe modeling by several years, it is less trustworthy. According to the report, “natural catastrophe risks” continue to dominate ILS, accounting for 94.03% of all deals; health care accounts for 2.10%; operational risk accounts for 1.21%; life embedded value accounts for 1.08%; financial guarantee risks account for 0.66%; extreme mortality accounts for 0.58%; and terrorism risk accounts for 0.34%. (S&P provided “these figures” which were sourced from Artemis).

S&P stated that non-affirmative, or silent cyber risk exposures, already exist in “ILS transactions because” cyber events can lead to claims in other lines of business, such as property and liability insurance. According to S&P, approximately “90% of ILS fund managers” are concerned about the possibility of silent cyber exposure within their funds, citing PCS, a Verisk business and provider of catastrophe data. “Because silent cyber claims can have a negative impact on other insurance lines of business,” the report continued, “ILS funds with exposure to “operational or property risk” already bear the costs of silent cyber risk.”

There are currently no existing affirmative (explicit) cyber catastrophe bonds or sidecars, according to S&P, but there have been a few modest ILS transactions for collateralized reinsurance involving cyber risks from a few Bermuda-based ILS carriers. To enable them to assess “their exposure” to the risk and better understand its underlying factors, the term “cyber danger” was defined.