Cyber Risk Accrual in U.S. Commercial Property Could Trigger $12B Loss

CMR Risk & Insurance Services Inc. > Blog > Business > Cyber Risk Accrual in U.S. Commercial Property Could Trigger $12B Loss
Posted by: CMR October 25, 2021 No Comments

The accumulation of cyber risk in the U.S. commercial property insurance market could trigger a one-in-100-year loss of $12.5 billion, which would cause a downward transition in the AM Best capital adequacy ratio (BCAR) for nearly 20 U.S. property carriers, according to a study by CyberCube, AM Best and Aon plc.

The research indicates that insurers might not be accurately factoring in cyber risks when pricing commercial property policies.

“While losses of $12.5 billion are relatively low when placed in the context of natural catastrophes, considering these exposures are often unpriced or unaccounted for in enterprise risk management, the impact on carriers can be significant and more importantly, unexpected,” Sridhar Manyem, AM Best’s director of industry research, said in a release.

The findings were drawn from an analysis of a sample portfolio based on the U.S. small business property industry that was passed through a modeled cyber loss scenario to project nonphysical damage losses. AM Best took those results and assessed the fallout that scenario would have on the balance sheets of 579 U.S. property insurers.

Of the property insurers analyzed, 12 carriers would fall one level in the BCAR, four dropped two levels and four fell three or more levels, according to AM Best. While it is not the only assessment of a company’s financial strength rating, significant drops in the BCAR can lead to a downgraded financial rating.

The report did find that current levels of cyber exposure in U.S. commercial property could be absorbed by the property insurance industry in its entirety, but the exposure could have a rating impact for a portion of the market, according to CyberCube. However, projections for cyber exposure growth in the coming five years could exceed the industry’s bandwidth to manage the increased risk.

Silent cyber exposure

Further, a combination of regulatory pressure and strong portfolio management practices are moving carriers to exclude or affirm cyber coverages from non-standalone policies, where “silent” cyber exposure could exist, CyberCube reported.

CyberCube defined silent exposures in two ways:

  • Unintended cyber exposure includes cases where the policy language doesn’t address cyber risks as a potential cause of loss. As cyber coverage is neither expressly excluded nor affirmed, any loss arising from a cyber incident would likely be contested by a policyholder.
  • Unpriced exposures are instances where cyber risks are implicitly accepted, but no premium is allocated or charged for the risk. In these cases, cyberattacks are typically not a covered loss, but they could trigger a covered peril or cause of loss.

“As this research shows, quantification of the aggregation potential from cyber-related losses in property policies is very real,” Jon Laux, Aon’s head of cyber analytics, said in a release. “With property insurers affirming elements of cyber cover in their policies, insurers are exposed to significant losses, which are not necessarily priced accordingly. Through better information, industry participants will be able to make better decisions about placing cyber risk.”

Source –

Author: CMR

Leave a Reply