A catastrophic “once-in-200-years” cyber event could cause $33bn in losses for the cyber-insurance sector, according to a new report from Guy Carpenter.
The reinsurer’s Through the Looking Glass report used three modelling platforms to calculate its estimates: CyberCube, Cyence and Moody’s RMS. Into these it fed proprietary data related to almost two million cyber policies.
The losses ranged from between $15.6bn to $33.4bn, covering three potential scenarios: a cloud outage, data theft and ransomware/malware.
Models from all three vendors agreed that ransomware is potentially the most costly source of a major cyber incident, with CyberCube estimating it at over $30bn. Cloud events yielded relatively lower loss levels, with models taking in to account cloud providers’ “robust contingency measures.”
“Data theft events are those where we observe the most divergence among the vendors with CyberCube being the most significant of the three,” the report noted. “Cyence and Moody’s RMS interpret the event as the least material of this subset in the 200-year return period, whereas CyberCube’s interpretation proves larger than cloud events.”
Potential losses for the industry do not reflect total losses from a one-in-200 year event, but only those organizations with insurance policies that will have to pay out. That is why in part they reflect the recent growth in the industry.
Guy Carpenter claimed that global premiums are now worth $14bn, including $9bn in the US. That’s a steep climb from 2019, when the figure for the US market was only $2.6bn.
Increasing causes for concern include the usual suspects of growing reliance on cloud, greater interconnectivity of systems and devices, more advanced cyber-attacks and more stringent regulatory requirements, the report noted.
However, the reinsurer was pretty confident that the industry will be able to absorb the cost of even a significant global cyber event.
“There is no question that hypothetical losses from a significant cyber event would impact the market, as this report demonstrates,” it concluded.
“However, given the industry’s resilience to significantly greater losses from other classes, in most cases these should not be insurmountable. Industry leaders and insurance entrepreneurs recognize this and spy opportunities for continued growth and performance in this sector.”