Updating cyber reinsurance approaches

Lydia LaSalata, global head of cyber at Axis Re, discusses the challenges reinsurers face within the constantly evolving cyber threat landscape.

With cyber risk rapidly evolving due to the constant activity of cyber criminals and activists, how complex is this to cover from a reinsurance standpoint?

Cyber is a very complex area to (re)insure. It involves a rapidly evolving threat landscape together with a myriad of regulatory changes. The latter is heavily influenced by privacy law in different jurisdictions, and people sometimes forget that before the uptick in ransomware attacks in 2019-20, this coverage area was driven by the topic of privacy.

One of the things we concentrate on at Axis is being a thoughtful partner and reinsurer. This means understanding how our cedants and the market approach risk. The underlying cyber market puts an emphasis on ensuring minimum standards of insurability for things like ransomware, which they want to see before they write the risk. That all flows into reinsurance. Our emphasis is understanding how the people we provide capacity for are looking at the market and ensuring they meet minimum standards.

Are there misconceptions around cyber risk in the eyes of reinsurers?

There’s a healthy level of concern and caution in the reinsurance world. For example, at Axis Re, for years cyber was ceded within our financial lines business. We have seen and supported the movement of cyber from multi-class liability treaties to standalone. We analyze and price cyber risks independently regardless of treaty structure, so we are well positioned to provide standalone or multi-class coverage, provided there is appropriate transparency and reporting.

More reinsurers are entering the cyber market. To what extent does this impact day-to-day work and how cover is written?

People talk about the cyber market making huge jumps in growth, with billions of dollars more in additiona l coverage in the next few years. For this to work, there will need to be a more robust reinsurance market with a lot more capacity than there is now. The brokerage community has brought new and novel solutions to help with some of that tail risk, and thus aggregating occurrence cover.

Aggregation of limits is also becoming an area of concern due to market growth and untested catastrophe event scenarios. We must remember that capacity is finite and risk selection is critical. Here at Axis Re, we have evaluated a variety of structures over the past few years as we try to provide feasible solutions to our customers, assuming there is an appropriate return on the capital.

What do you see as the biggest opportunities and challenges for cyber reinsurers in the rest of 2023, and beyond?

We are at an interesting point in the cyber market because what happens on the primary side flows directly into the reinsurance space. The increase in ransomware attacks is going to test all the work that has gone into the primary market over the past few years. Simultaneously, the industry is trying to attain consistency in contract language when dealing with systemic events, which is also a challenge. For example, Axis Re has standards around war exclusions, terrorism and critical infrastructure as we try to contain attribution.

At Axis Re, we regularly update our models to develop the most accurate view of risk given the constantly changing nature of cyber threats. The opportunity is vast, but it requires a full-scope team and there is no room for naïve carriers given the potential for binary outcomes. In this dynamic market, we tap into our specialist underwriting expertise and solution-oriented mindset to meet the needs of our customers and partners.