The cyber reinsurance capacity problem coming into focus at 1.1

The 1.1 renewal season will be a critical indicator of reinsurers’ view of the state of the cyber market, while in the long term a scarcity of reinsurance capacity could stop cyber insurance fulfilling its potential, analysis by The Insurer finds.

The reinsurance market for cyber is approaching a pivotal test.

Cyber carriers have spent the past year forcing through some of the hardest rate increases in the entire property casualty market - up nearly 100 percent in Q3 in the US, according to Marsh’s latest global insurance index - as well as tightening underwriting standards and requiring insureds to have cybersecurity controls in place.

The question is whether reinsurers will respond positively to these improvements or remain wary amid the rocketing ransomware losses of the past few years.

Erica Davis, global co-head of cyber at Guy Carpenter, told The Insurer she is hopeful that reinsurers will appreciate the changes.

“We’re finding that demand currently outstrips supply,” Davis said. “But with some optimism being felt on the reinsurance side, we hope to have new capacity available for the 1.1.2022 placements. We’re closely working with the reinsurers to increase awareness of the changes that have taken hold of the underlying market in the last 12 months.”

She added that this hoped-for increased capacity could come from both existing players increasing capacity and new players coming to the market.

“We’re finding that demand currently outstrips supply. But with some optimism being felt on the reinsurance side, we hope to have new capacity available for the 1.1.2022 placements” 

Erica Davis, global co-head of cyber at Guy Carpenter

The feeling is that the renewal season will be a bellwether for the prospects for the cyber market beyond just 2022.

“My forecast is that 1.1 from a reinsurance perspective is going to be critical,” commented Jamie Bouloux, CEO of London-based MGU Emergin Risk, on a recent Advisen webinar.

The CEO of the Ryan Specialty Group subsidiary urged the market to create the stability that the market needs.

“When we see how some of the structures shake up and some of the pressure points that the reinsurance market has for us in the direct markets, it is going to be very, very telling on the broader consideration as to what they anticipate is going to happen in the marketplace going forward,” Bouloux said. “They see it all.”

On the same webinar, Paul Needle, senior vice president, cyber treaty reinsurance at Munich Re, also described it as a “critical” time.

“I am pretty excited to see how the changes in underwriting in the past year have materialised,” Needle said. “I don’t think the number of attacks will go down [from 2020 to 2021] but I want to see how that materialises in terms of losses for the reinsurance carriers.”

A need for capacity

The need for more reinsurance capacity has been highlighted by a number of concerned observers recently.

S&P Global Ratings in late September released a report on the cyber market in which it said reinsurers’ underwriting and modelling expertise could help to build up the market.

“The dynamic change in claims pattern, rise of cyber threats, and huge accumulation risk creates an opportunity for larger reinsurance capacity,” S&P said in its report. “But with such a new segment, we think it is important for reinsurers to offer primary insurers support in managing the underwriting and risk management processes for cyber, as they do for natural catastrophe exposures.”

Berenberg analysts picked up the theme in an October research note, questioning whether there is, or will be, sufficient capacity. They said the current supply/demand imbalance is driving a traditional hard market.

“While demand for cyber insurance is structurally growing, with few reinsurers entering the class and even fewer offering retroactive cover, the question rather becomes: will there ever be sufficient capacity to allow the market to grow?” the analysts wrote.

“As a result, we believe that the current dislocation points towards a prolonged, multi-year period of rate increases, as demand will continue to outstrip capacity.”

The analysts said forecasts that the cyber insurance market will be worth $20bn by 2025 could be understated by as much as 50 percent given the compound growth in premiums from continued price increases. The global cyber market is thought to generate roughly $7bn of premium now.

“While demand for cyber insurance is structurally growing, with few reinsurers entering the class and even fewer offering retroactive cover, the question rather becomes: will there ever be sufficient capacity to allow the market to grow?”

Analysts at Berenberg

But the cyber market will need the backing of reinsurers if it is to grow at such a rapid rate. 

As this publication has reported, a limited number of reinsurers are entering the class and even fewer are offering retroactive cover. PartnerRe and TransRe are among those thought to have scaled back their appetite for cyber quota shares over the past two years.

Munich Re is the largest player, with a market share of roughly 10 percent. The reinsurer has previously said it intends to grow in line with the market.

Reinsurers have looked to impose caps and sublimits. A lack of reinsurance capacity has led to issues for some cyber writers during 2021. One example came when insurtech MGA Corvus hit its premium cap with capacity provider Hudson, a subsidiary of Fairfax. 

In a cyber report released in early October, Risk Placement Services said that, in response to a jump in the US cyber loss ratio from 44.8 percent in 2019 to 67.8 percent in 2020, capacity restrictions “started to grip the market”.

“Some markets discovered that they reached their risk transfer ceiling with their reinsurer faster than anticipated,” Steve Robinson, RPS area president and national cyber practice leader, said in the report. “They found themselves in a situation where the shelves were empty and there was no reinsurance left to buy.”

If you include the white label products provided by Munich Re and Beazley, then the vast majority of reinsurance cover is QS. Only a few markets provide dedicated XoL capacity including London-Bermuda MGA Envelop Risk - which recently sold a stake to giant tech investor Soft Bank - which underwrites on behalf of MS Amlin AG.

A more optimistic view in 2022?

However, Davis at Guy Carpenter told this publication that cyber reinsurance capacity has remained broadly stable. But she noted it must increase to keep pace with the market.

“Where that has created challenges is that portfolios have grown because of the rate environment,” she said. “So we are actively trying to source new capacity on the reinsurance side in order to maintain that same level of available market support.”

Davis believes reinsurers may take a more positive view of the cyber market heading into next year

“We’re actually getting a more optimistic view of the market looking to 2022,” she said. “We’ve had a number of discussions with our reinsurance partners to flesh out what their key concerns are. They are viewing this space as a key growth opportunity for the industry, and they have been actively monitoring the changes that have taken effect over the last 12 months or so.”

Davis added: “With that in mind, given the underwriting discipline being practiced in the market and given the capacity reductions and those coverage contractions and the pricing increases, I think reinsurers have a more optimistic view of cyber exposures going forward.”

Perhaps reinsurers’ biggest concern is the potential for a large systemic loss.

During a webinar in May this year, TransRe president and CEO Ken Brandt warned the industry would “have a real big mess on its hands” and “all bets are off” were a systematic cyber event to hit.

“Over the next five years at the pace and type of attacks that have been going on in the cyber world, I think the industry is more likely to be turned upside down in the next five years than just have some type of stable growth,” Brandt said.

During an S&P reinsurance CEO panel this week, PartnerRe president and CEO Jacques Bonneau also highlighted the threat of a large systemic event. He said this means more than changes in rate are required for reinsurers.

He noted the “dramatic price increases” for cyber but also coverage restrictions “and trying to make sure that both insurers and reinsurers have an equitable amount of skin in the game”.

“That line could be the next frontier of an event and whether the wordings are actually clear enough to make sure everyone knows what is covered and not covered,” Bonneau said. “So that’s an area we are taking a look beyond just price.”

“It’s tough to get a solid sense of how much you actually have on the line, and that’s hurting reinsurance appetite. If reinsurers and their actuaries are able to operate from a position of knowledge, I think that will empower them to support new constructs” 

Brad Gow, global cyber product leader at Sompo International

Talking to this publication, Guy Carpenter’s Davis said that the systemic issue erodes confidence in the market, with a single event potentially causing hundreds or thousands of losses. She pointed to the SolarWinds and Microsoft Exchange attacks as “shots across the bow” in this regard.

Brad Gow, global cyber product leader at Sompo International, told this publication that improved modeling of cyber losses could help increase confidence around aggregation.

“As the modeling around these losses gets better, I’m hoping the situation improves,” he said. “Every modeling company seems to have their own approach and we need consistency.”

Gow noted that Sompo International went through an exercise last year trying to model what its realistic disaster scenario losses might be. “And you look at the smallest and you look at the largest after speaking with five or six modeling companies and they are in order of magnitude apart,” he said.

He continued: “So it’s tough to get a solid sense of how much you actually have on the line, and that’s hurting reinsurance appetite. If reinsurers and their actuaries are able to operate from a position of knowledge, I think that will empower them to support new constructs.

“Ideally it would bring alternative capital and ILS into the market. If the market can get to the point where we can credibly put together some cyber catastrophe bonds, I think that’s exactly what is needed.” 

A growing XoL trend

Cyber carriers’ reliance on reinsurance is high compared to other classes.

In its report released in September, S&P estimated that primary insurers pass 35 percent to 45 percent of global cyber premium to reinsurers, with some regional variation. Most affirmative cyber insurance is still ceded via standalone proportional covers, most of which are quota shares.

When primary insurers start to underwrite cyber risk, they typically pass more than 50 percent of the risk via quota share to a larger reinsurer.

“That said, as primary insurers gain in expertise, we are seeing a growing trend toward excess-of-loss and aggregate stop-loss cyber reinsurance. Specifically, there has been an increase in demand for aggregate excess-of-loss cover,” the S&P report said.

The ratings agency cited Swiss Re figures that indicate that the total market limit of aggregate excess-of-loss cyber reinsurance placed, excluding retrocession, increased by about a third to $2bn in 2020, from $1.5bn in 2019. This followed an increase of 100 percent in 2019 compared to 2018.

“However, only a limited number of players are operating in the facultative cyber market. As a result, the overall market is showing a shortfall in capacity, particularly for larger programs,” the report said.

Most cyber reinsurance capacity has been provided by large carriers. S&P expects this concentration to reduce in the next few years as more reinsurers enter, cautiously increase insurance limits or expand their cyber product range.

Gallagher Re released a white paper in April this year in which it estimated in excess of 45 percent of premium was being ceded to reinsurers, up from circa 40 percent in 2020. The broker commented that the increasing demand but limited supply means “we are unlikely to see another soft market in cyber again – or at least for the foreseeable future”.

The white paper included a chart that projected very large potential growth in cyber reinsurance premiums. But Gallagher Re added that with limited new reinsurance markets entering the class and even fewer offering retro cover, “the status quo is unlikely to change for quite some time”. 

“While positive for capacity providers, the biggest threat to the cyber (re)insurance market today is the insufficient supply of capacity,” the white paper said.

Guy Carpenter’s Davis said that in the past 12 months reinsurance interest has increased as a result of the cyber risk uncertainty.

“Quota shares remain in demand but we saw heightened interest for aggregate cover to supplement the sideways protection that quota share structures afford,” she said. “We are looking to diversify the design of structures going forward, given the growing nature of cyber risk.”

Gallagher Re in its white paper suggested that “the timing could not be better for new and existing cyber reinsurers”, noting that reinsurance has on the whole performed well and that underlying rate hardening and intensifying demand both work in reinsurers’ favour.

“Such is the opportunity that Munich Re has stated it will seek to double its cyber portfolio by the end of 2025. While this sounds astronomical, even if every reinsurer followed suit demand would likely still outweigh supply,” the white paper said.

The market will see at 1.1 whether reinsurers agree it is a good time to increase capacity to the cyber market…