As it stands, there is some $1bn of theoretical cyber capacity available for a commercial enterprise but Mulligan says the industry will need to co-operate if it is to build more capacity over time.

Reinsurers need to “remain steady” and keep their risk appetite for cyber business consistent if the market is to build more meaningful levels of capacity, Mulligan told The ReInsurer.

Reinsurers have an increasing appetite for cyber business and have invested heavily in building teams, expertise and analytical capabilities in the sector - all of which are essential in building long-term and stable capacity in the specialist segment.

“That’s going to underpin their strategies around cyber so we can enjoy long-term, stable capacity. That is essential in cyber,” Mulligan said.

Alternative capital structures and the insurance-linked securities (ILS) market could increasingly play a role in the cyber sector, Mulligan said, noting that a number of collateralised reinsurance transactions have already taken place. 

“I think cyber can find its way in alternative capital structures,” she said. “ILS is a natural home for emerging risks and investors have already been receptive to those risks.” 

But Mulligan said that better models will be essential if cyber is to gain a bigger foothold in the ILS space.

“Modelling is paramount in ILS transactions and the reinsurance community can continue the work that’s already happening with technology vendors to develop credible models and clear triggers for cyber,” she explained.

She also said investors would potentially be concerned with the possible correlation between cyber ILS and the broader financial markets.

Commenting on moves last year by Lloyd’s of London and the UK’s Prudential Regulation Authority (PRA) to mandate that all policies clearly state whether they will provide affirmative coverage for cyber risks and to ensure more effective management of silent cyber exposures, Mulligan says it will take time before carriers are able to have a plan in place.

“Carriers are still on a journey with this,” Mulligan explained. “It’s a multi-faced process and involves stakeholders across the organisation. It’s an intensive process.”

As an aid, Aon has developed a catalogue of scenarios which will enable insurers to quantify the problem of silent cyber and then develop a strategy that can address the Lloyd’s and PRA mandates around coverage, but will also allow a carrier to keep their exposure aligned with risk appetite.

“Reinsurers can help with clash cover as insurers transition policies to either affirming or excluding cyber cover,” she said. “They will need a deep understanding of the empirical analysis of the exposure as well as seeing the affirmation plans. We’re still on a journey with this and I expect that to continue.” 

Commenting on the impact of the Covid-19 pandemic on the cyber market, Mulligan said the initial concerns were two-fold; the economic impact on premiums and the potential for increased claims.

“We’ve seen that the overnight shift to a work from home world has exposed companies’ cyber security vulnerabilities [and] it’s also raised their awareness of the risk,” Mulligan noted.

“But there is still a healthy demand for the cover amongst both new buyers and buyers of increased limits. Premium projections right now are okay.”