Cyber an opportunity for ILS investors, but future looks ‘uncertain’: S&P

Cyber insurance-linked securities (ILS) growth will be slow in the near-to-medium term as the supply of capacity struggles to keep pace with demand, analysts at S&P Global have indicated.

The demand for protection from cyber risk is increasing, but the capacity offered by the re/insurance sector is not growing at the same pace, leading to significant policy rate rises and a protection gap, a new report has shown.

Analysts believe that conditions for ILS investors are improving after several difficult years due to a growing number of natural catastrophes. In recent years, secondary perils have increased in frequency, and, in aggregate, resulted in higher losses than investors had expected.

"In our view, the cyber insurance market now presents an opportunity for ILS investors to gain exposure to cyber risks in the same way they did with natural catastrophe risks in the nineties following Hurricane Andrew in 1992," said S&P Global Ratings credit analyst Manuel Adam.

"However, so far, ILS investors have not shown much interest, and we believe that growth in cyber ILS will be slow in the short-to-medium term."

There are several reasons for this. ILS investors have learned the hard way that they can be exposed to perils that they had not fully modeled and/or priced for, analysts explained. Cyber risks are not limited by region and can easily spread across the globe in a few seconds, exposing investors to accumulation risk and related losses.

ILS with exposure to underlying natural disaster risk offer “diversification and real returns that are mostly independent of the capital markets,” they noted. In contrast, a big cyber event could trigger a decline or volatility in stock and bond market values, increasing the correlation with the capital markets.

Furthermore, cyber ILS transactions “can be very complex, and complex transactions are likely to fail,” S&P noted. A more simplified approach, starting with only one defined cyber peril, such as a cloud outage, a service provider outage, or an attack on critical infrastructure, instead of multi-peril agreements, “will help investors better understand the underlying risk, and, as a result, quantify their risk exposure.”

Did you get value from this story? Sign up to our free daily newsletters and get stories like this sent straight to your inbox.

Already registered?

For multi-user price options, or to check if your company has an existing subscription that we can add you to for FREE, please email Elliot Field at efield@newtonmedia.co.uk or Adrian Tapping at atapping@newtonmedia.co.uk