How are you responding to the PRA’s letter on cyber risk exposures?

How are you responding to the PRA’s letter on cyber risk exposures?

How are you responding to the PRA’s letter on cyber risk exposures? 1040 530 Ian Newman

Non-affirmative or ‘silent’ cyber is an area of critical concern to the insurance market, and the UK regulator has just called for concrete action.

The bulk of cyber exposures lurk within non-cyber covers, as 2017’s NotPetya attack showed. The latest estimates of the total insured losses are between $3bn – $3.3bn and include $2.4 billion from silent cyber, of which four losses exceeded $100 million. One was north of $1 billion.

The Prudential Regulation Authority’s letter to insurance CEOs on 30th January sets out new requirements for insurers. To “reduce the unintended exposure to non-affirmative cyber risk”, they must “develop an action plan by H1 2019”, just five months away.

The role of reinsurance

Reinsurance can remove substantial silent cyber risk and meaningful capacity is available both from traditional and ILS markets. Insurers’ greatest challenges in meeting the PRA’s new requirement are the collation of sufficient data to make informed ceding decisions, and providing sufficient risk information to reinsurers and the regulator.

Capsicum Re provides bespoke consultancy services that focus on identification, quantification and mitigation of the non-affirmative cyber peril. We carry out detailed product reviews and identify which classes are mostly exposed to non-affirmative cyber and more generally in Cyber as a Peril (CaaP). Quantification is done using carefully selected scenarios, appropriately chosen for each class of business, and, if required, modelling probabilistic outcomes of each scenario or the impact of all of them combined. This allows our clients to mitigate their risks by selecting the most efficient reinsurance structure that will focus on most exposed areas of the business.

We have also partnered with AIR Worldwide to develop a reliable probabilistic model that assesses the volatility around the mean and quantifies the probability of extreme cyber events. It is the ideal tool to meet the regulator’s new silent cyber reporting requirement.

Ours is the largest dedicated cyber practice in the market and is uniquely peril-focused. We have been at the forefront of designing and building many of the new solutions that exist in the cyber space to meet our clients’ evolving needs. These have included bringing new and alternative/ILS capacity to bare, developing different structures that are now commonplace in the market, placing the largest reinsurance facility and consortium cover in the markets and developing new ways of assessing cyber exposure. That, alongside our leading-edge silent-cyber exposure tool, makes us the ideal partner to help you reduce the threat of unintended exposure to silent cyber.

Contact us

Please contact Ian Newman or Justyna Pikinska in London or Patrick Bousfield in New York (or your usual Capsicum Re contact) to discuss how we can help you measure the non-affirmative cyber exposure you carry, and explain the advanced solutions available.