Beazley’s Skeoch: Further clarity needed over systemic cyber terminology

Although the cyber market has grown more comfortable with the concept of systemic cyber risk, capitalization levels remain a concern in the context of such an event taking place, according to Henry Skeoch, cyber risk exposure management lead at Beazley.

“I think the market has started to get comfortable with systemic cyber, classifying it into categories such as data breach, cloud outage, widespread malware, and denial of service. The modelling of those perils has definitely improved,” Skeoch said.

“Where I think there's a challenge is having sufficient capital to support systemic events,” he warned.

Skeoch believes that one of the ways the industry could bring capacity into the market to alleviate concerns over systemic cyber would be to agree on what exactly is meant by the term.

“I think it's important that the industry moves towards being able to define what a systemic cyber event really looks like,” said Skeoch, speaking to The Insurer TV on the sidelines of a recent cyber reinsurance summit hosted by Howden Re.

This development may occur sooner rather than later, with The Insurer reporting this month that the UK (re)insurance market is coalescing around systemic cyber event declaration classification metrics put forward by the newly launched UK Cyber Monitoring Centre (CMC).

According to Skeoch, this move towards standardised nomenclature would bring much-needed capital into the market, as it would help capital providers understand exactly what they stand to lose in the cyber markets.

“It would bring providers of capital on a journey with the industry,” said Skeoch.

However, even if the UK Cyber Monitoring Centre quickly defines systemic cyber, Skeoch does not see this being a quick fix. Instead, he views it as something the market will struggle to come to terms with over the next decade or so.

“I think, over time, clarity and, hopefully, comfort will emerge, but we think this is something that will be a major challenge for the market over the next five to ten years,” he added.

Models have little real world experience

One area the market might be tempted to look at in order to provide certainty to capital entering the market is cyber risk modelling.

However, Skeoch cautioned against over reliance on cyber models, as they have yet to be validated by real-world events.

“But it’s important to remember that, in contrast to natural catastrophes, we haven't really seen sufficient events in the cyber world that you could use to calibrate a model in the same way the modellers do elsewhere,” he explained.

Skeoch also added that it was essential models didn’t converge, and continued to offer a diverse array of viewpoints.

“With cyber models, it’s important to have a diverse range of views because that really helps you understand and frame the extent of the catastrophic losses that could happen” Skeoch concluded.

Watch the full 8 minute interview to hear more about:

  • Cyber cat bonds
  • Beazley’s secret sauce when it comes to writing cyber
  • Beazley Security, which will go live over summer