Moody’s RMS’ Steel: Exclusions will be an “inhibitor” to cyber market growth

Moody’s RMS general manager Mike Steel has issued a rallying call for the industry to step up its efforts to work together in partnership with modelling firms to address the cyber challenge - or risk missing out on the opportunity as corporates turn to self-insurance.

In an extensive interview with The Insurer TV, Steel insisted cyber remains a modellable risk but said partnership with insurers was critical to developing solutions that meet client needs.

“There is a lot of cooperation going on in the market - the industry recognises cyber both as a huge challenge for the economy and something where the insurance industry really needs to meet society’s challenges,” he said.

While he said cyber was a “huge opportunity” for growth in the industry, Steel said the fear is that “unless we engage together in partnership, we're going to miss out on that opportunity”.

“We'll end up with corporates creating self-insurance facilities, we'll end up with governments stepping in and creating their own facilities, and the industry will lose that opportunity,” he warned.

“Our cyber modelling software is used by many companies - many of the major players within the industry - and we're working with those major players to really understand what comes next, in terms of how we can improve our modelling and how we can create that common currency to allow them to grow into this market opportunity.”

Steel said it was critical to gain more data and understanding to help calibrate model improvements.

“Models are there to provide a framework, to create that common currency around transacting, but you shouldn't forget that the model isn't going to give you every single answer,” he said.

Steel said it was critical insurers calibrate models and “put their own secret sauce in” to ensure output is correct.

Understanding a major event

Steel said one of the challenges facing the sector was understanding what a major cyber event looks like, and what aggregations could appear.

Steel highlighted how the insurance industry “has a tendency” to put exclusions into policies when the risk is not fully understood, removing the incentive for corporates or cedants to purchase a policy if they are essentially left with the basis risk.

“That's going to be the inhibitor to the market. We need to work with the industry, improve the modelling and improve the acceptability of cyber as a class of business, so we can start to relax some of these exclusions and provide a reasonable product to society, cedents and corporates,” he said.

“Over the next few years, we'll be investing significantly more to get to the point where the industry can start to think about this as a common currency, and to create more capacity within the market and address the needs of society around cyber risk.”

Steel added that cyber poses a unique risk since it is not naturally occurring phenomena, but rather the actions of threat actors who are deliberating targeting systems.

“It’s not just about assessing who those threat actors are, it’s looking at the resilience of systems and security software within companies to understand how those two interact.”

Owing to this unique element, Steel recognised cooperation across the market as the industry engages to address the challenges posed to the economy.

“The fear is that unless we engage together in partnership, we're going to miss out on the opportunity and we'll end up with corporates creating self-insurance facilities, or governments stepping in and creating their own facilities,” he said.

“It's different from other risks that we've seen, because the insurance industry is really working with us aggressively to say, how can we really get on top of this because they recognise the price. They recognise the price, both in terms of our role in society, but also the opportunity for profitable growth by getting this right.”

Steel was speaking to The Insurer at the Moody’s Exceedance Conference in New York City.