Better modelling and pricing metrics are needed before the insurance-linked securities (ILS) marketplace is introduced to cyber risk transfer, Florian Heimann of AIR Worldwide has said.
Heimann, who was speaking at Guernsey Finance’s ILS event in Zurich earlier this month, said it would take time for ILS managers to become comfortable with cyber modelling.
He said: “Cyber is a pretty new peril and, in contrast to natural catastrophe models, people are simply not used to it yet.”
“Natural catastrophe models have been used extensively for more than 15 years and people feel comfortable with assessing their risks based on those models. For cyber, this comfort is in the process of building up, and I would guess something that has to build up slowly.”
Heimann noted that there is data on 23,000 breach events, which helps when looking to develop models. However, he reminded delegates that it is “somewhat unfair” to directly compare natural catastrophe and cyber as historical events cannot be depended on to inform cyber models to assess actual risk.
He explained: “The pretty straightforward geographic aggregation that can be applied in natural catastrophe models cannot be applied in cyber models. If you have one house destroyed by a hurricane, chances are pretty high that the house next door will be affected by the same hurricane. For cyber, you would need to aggregate by more complex and more abstract features. Things like which operating systems are used, or on which third-party providers do you depend?”