Insurers ‘on the right path’ to managing cyber risk aggregation

By Erin Ayers on November 2, 2017

NEW YORK — The time to manage cyber risk aggregation is now and it may be an uphill battle against lack of historical data and certainty of the risk, but the industry appears to be on the right track, according to a panel of experts speaking during Advisen’s Cyber Risk Insights Conference here on Oct. 26.


Currently, determining whether insurers are well capitalized to handle the cyber risk aggregation is “basically impossible” due to lack of data, according to Fred Eslami, senior financial analyst and cybersecurity leader for A.M. Best. Traditionally, the roads to impairment for insurers have been underreserving, expanding too quickly, and natural catastrophe losses. Ratings firms have metrics to input into their capital models for those risks – not for cyber, but Eslami added that they are making strides.

“We don’t believe that it’s getting to a point where the so-called cyber PML would exceed earthquake or hurricane levels,” he said.

For insurers to accurately reflect cyber risk in their pricing, according to Tracie Grella, global head of cyber risk insurance, AIG, they must gain more granularity about their clients’ operations including the type of data they hold, vendor relationships, and software they use. She added that the greater level of detail needs to be not only within the cyber product, but the exposure across the entire book of business.

“All of that needs to come together,” said Grella. “I haven’t seen a lot of underwriting for cyber on the non-cyber products. I think that needs to change. We have to ask the right questions of our clients.”

“I’m almost certain none of those risks were underwritten [for cyber],” she said, adding that the cyber market would have underwritten the exposure, priced for it, and managed limits on it. However, many companies write both cyber and property, so a full enterprise look at the risk is necessary.


This story in an excerpt of the original. The content originally appeared in Cyber Front Page News.
To read the full story, you must be a subscriber. If you are a subscriber, check your email for Cyber Front Page News on November 2, 2017.'

Erin is an editor at Advisen. She has 15 years of journalism experience. Prior to Advisen, Erin covered property-casualty insurance for 13 years as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at