In a move that it hopes will safeguard its balance sheet from the increasing risks associated with cyber insurance, business insurance company Beazley is to launch a cyber catastrophe bond worth $45m (£37m) to indemnify itself should claims from a cyber attack on its clients top $300m.
A catastrophe or cat bond is a type of security that is designed to alleviate the risks faced by insurance companies in the event of a major disaster that they cannot cover using invested premiums.
Catastrophe bonds emerged as a concept in the 1990s after Hurricane Andrew caused $27.3bn ($58bn today after inflation) worth of damage in Florida and they carry an inherent degree of risk for those prepared to sponsor them.
They have, however, proven their worth in establishing more risk-bearing capacity in the insurance industry, which is something Beazley is hoping to bring to bear on cyber insurance.
The cyber insurance market has exploded in prominence over the past 18 months thanks to the proliferation of ransomware incidents. Alongside this, buyers have seen premiums surge and coverage become increasingly difficult to obtain.
Indeed, such has been the volume of claims that Lloyd’s of London – of which Beazley is a member – last year instructed its members to tighten up the scope of their cyber insurance policies due to a growing risk that losses could arise that were beyond the market’s capacity to absorb.
Beazley believes its new facility should go some way to easing this risk, and the firm’s chief executive Adrian Cox told the Financial Times that having access to a larger source of capital would also help the firm hedge and grow, and ultimately scale to providing billions of dollars worth of cover.
According to the newspaper, it has been working on establishing its cat bond since 2020, with support from brokerage Gallagher Re and investors Fermat Capital Management.
“The cyber insurance world has been under the microscope for some time and is changing as a result. The cover provided by cyber insurance policies has been diminishing over the last few years with more exemptions and limitations placed upon them, including cut-outs for ‘acts of war’ if attribution suggests a nation-state attack,” said Toby Lewis, Darktrace global head of threat analysis.
“It is positive to see a promise of potentially better coverage for cyber insurance in the future and an effort to spread risk for multiple insurers, allowing market players to be more accommodating, either by offering a broader range of products, reducing the threshold for payouts, or even removing some of the exemption clauses,” he said.
Lawrence Perret-Hall, director at Cyfor Secure, said the launch of the cat bond was a positive step in the right direction, enabling greater levels of coverage for more organisations in an increasingly challenging threat landscape.
“It’s likely we’ll continue to see more industry firsts as insurers and those they insure try to get ahead of the hacker,” said Perret-Hall.
“One area still in need of attention from insurers is how they measure risk. There is huge diversity in how insurers quantify the cyber risk of their customers. For many looking to get cover, it can be a complex, time-consuming task that doesn’t necessarily provide insurers with an accurate or full picture of risk appetite.
“While complete standardisation of risk measurement is unachievable, the industry does need to move away from narrow questionnaires, instead looking at something like vulnerability scans that can provide insurers with real-time, reliable data, and presents organisations with actionable insights to improve cyber hygiene and remediate any issues,” he added.