Property Insurers Exposed to $12.5B in ‘Silent Cyber’ Losses, Market Analysts Say

US property insurers are exposed to $12.5 billion in non-physical cyber losses that are not expected and not priced by underwriters, according to a report released Tuesday.

CyberCube, AM Best and Aon teamed up to calculate the “silent cyber” exposure to commercial property insurers and reinsurers for a level of loss projected to occur once in every 100 years.CyberCube’s models suggest the industry is exposed to $9.5 billion in attritional (non-catastrophic) losses and $3 billion in catastrophic losses.

“While losses of $12.5 billion are relatively low when placed in the context of natural catastrophes, considering these exposures are often unpriced or unaccounted for in enterprise risk management, the impact on carriers can be significant and more importantly, unexpected,” said Sridhar Manyem, AM Best’s director of industry research, in a press release.

To calculate the potential impact on insurers, AM Best conducted a stress test on the property market and determined that 18 out 579 carriers would drop at least one level in Best’s Capital Adequacy Ratio. The level of risk was determined by reducing the insurer’s available capital by its share of the $12.5 billion industry cyber loss.

Commercial property insurers are exposed to cyber claims in two ways, the report says.

Unintended cyber: The policy language does not explicitly address cyber risk as a cause of risk, so coverage is neither excluded nor granted. Any loss is contested with the policyholder.

Unpriced cyber: Cyber risk is implicitly accepted but no premium is allocated or charged for the risk. Typically a cyber attack is not a covered cause of loss, but triggers a covered peril.

Events in recent years have forced property insurers to think more carefully about how they should be assessing cyber exposure within their portfolios, according to Aon. Some times regulators insist. For instance, the New York Department of Financial Services issued a circular letter in February that advised carriers that “silent risk” may exist in many different types of policies even for insurers that write little or no cyber insurance.

Some US carriers have adopted exclusionary language from the Lloyd’s Market Association. But those that do risk becoming uncompetitive, Aon said. Underwriters usually have to negotiate changes such as exclusionary language when policies are renewed.

“There remains ambiguity around the requirement for physical damage to trigger property cover,” the report says. “Physical damage is an undefined term within property policies, however, it is critical in obtaining coverage response.”

The researchers recommend that insurers model their own individual portfolios with customized stress scenarios to identify their exposure to cyber risk and work with their reinsurance broker to manage it.

The authors of the report will conduct a webinar to discuss their findings on Thursday. To register, click here.