The goal
A new approach to cyber
Gallagher Re and Moody’s RMS™ have a closely aligned philosophy in modeling catastrophic cyber risk. Through this collaboration, the global reinsurance broker is leveraging a sophisticated actuarial approach to help its clients measure and price the underlying risk and grow their business.
As a young reinsurance broker on the block and unencumbered with legacy systems, Gallagher Re — rebranded after the acquisition of startup Capsicum Re in 2020 — immediately sought to differentiate itself from its peers through a sophisticated, analytics-led cyber offering.
“Cyber is in our DNA,” explains Justyna Pikinska, Head of Specialty Analytics at Gallagher Re, “and we believe an analytics-led approach is key to the market’s development.”
Gallagher Re was the first to coin the acronym "PC&C — property, casualty, and cyber," acknowledging that cyber is developing as a class of business in its own right, does not sit comfortably within the traditional insurance buckets, and is expected to eventually be as large as property and casualty lines.
Gallagher Re also recognized early on that better data and analytics were essential in order for the market to grow, particularly in measuring the potential aggregation risk from systemic tail events such as a "wormable" ransomware event or a cloud service provider failure.
The objective
Extending an actuarial approach
Gallagher Re is much more than just a placement broker. It uses a dedicated team of actuaries and cyber professionals while investing in an ecosystem of tools and models to build robust capabilities to quantify cyber (re)insurance hazard and exposure.
With its "cyber center of excellence" consultancy practice sitting alongside its specialist analytics and actuarial team, the reinsurance broker builds its own models and accumulation tools, working with clients on everything from pricing and security to reserving and assessing tail risk.
“Knowledge is key and we’re really keen to share our deep expertise with our clients,” says Pikinska. “We use standard actuarial methods in our approach but tailor them to the unique features of cyber, which sets us apart as a team.”
Cyber risk is a very different beast than natural catastrophe risk and needs to be treated as such when designing an analytics approach. First and foremost, it is a relatively new peril and most carriers do not have a huge wealth of claims data to fall back on. Second, and more crucially from a modeling and analytics perspective, it is a man-made exposure that is constantly changing and evolving.
Ransomware is one example. Whereas threat actors initially took a scattergun approach, cybercriminal gangs are now being more targeted, tailoring ransom demands to the size of the organization. Through increasingly common double extortion attacks — where threat actors extort for data exfiltration in addition to encryption — gangs seek to extract as much payment as possible, thus increasing the overall severity of loss.
Pikinska’s team is focusing significant attention on the potential for systemic losses and the need to better assess tail risk, developing model frameworks for ransomware and cloud downtime risk among other things. Unlike other classes of business, the more the cyber (re)insurance market grows, the more challenging and complex the risk landscape becomes.
There is aggregate risk potential. The WannaCry and NotPetya attacks of 2017 were an initial taste of the global impact such events could have. More recently, the Kasya VSA supply chain ransomware attack has again highlighted the catastrophic potential for "supply chain" attacks, while the HolesWarm crypto-miner malware campaign demonstrates that vulnerability attacks are not purely limited to single points of failure.
As Swiss Re reflects in a recent blog, concern around aggregation risk is reflected in the steady growth of reinsurance purchases. Its data shows the total limit of aggregate excess of loss cyber reinsurance placed (excluding retrocession) increasing from $1.5 billion to $2 billion between 2019 to 2020. It follows a 100% increase between 2018 and 2019.
The solution
Unpicking the tail
The Moody’s RMS Cyber Solution has extensively considered these elements in its modeling of the cyber risk landscape.
Drawing on its relationship with Moody’s, Gallagher Re has made significant strides in its understanding of tail risk events, sharing this insight with its clients as the market seeks to fulfill its potential. Gallagher Re considers Moody’s a strategic partner, with both entities closely aligned on their view of risk.
“We research the challenge ahead, which could be a cloud downtime event,” says Pikinska. “With a man-made peril like cyber, the more the market grows, the more systemic tail risk becomes a bigger issue. Everyone is extremely keen to solve this puzzle when it comes to tail risk quantification.”
The process
Close collaboration at every stage
The team worked closely throughout the Moody’s RMS cyber model onboarding process, explains Moody’s insurance solutions Director of Cyber Product Management Matt Harrison: “Cyber models are still in their early days of development. When you get to the size of natural catastrophe, there are years of history and resource, but in cyber we are all quite new to it and taking the steps we take — and having close collaboration with our partners — gives it the most value.”
From Pikinska’s perspective, the knowledge and experience Harrison and his team brought were critical to the relationship. With his background running cyber modeling at a large Lloyd’s player, Harrison has a strong understanding of cyber (re)insurance underwriters’ market data needs.
It is still a developing class for many insurance carriers. They may have catastrophe model functions with highly skilled teams with backgrounds in earth and climate science, but there is sometimes little ownership for cyber, making it even more important to partner with a cyber-specialist reinsurance broker.
Unlike natural catastrophe risk, the newness of cyber risk means it has not always had a clear home; many carriers are now building centers of excellence for underwriting, pricing, and accumulation control, but these functions are often relatively immature. At other carriers, the modeling of this risk can still fall between the cracks of different functions.
“So when these individuals go and talk to a team like Gallagher, it makes a big difference to them,” says Harrison.
The outcome
Growing the market
Premium rates within the cyber (re)insurance market have been hardening over the last two years as carriers have been stung by a growing frequency and severity of claims. Taking an analytics approach to cyber risk has never been more crucial, helping attract new capital to the arena.
Resolving some of the uncertainty surrounding the potential catastrophe load is the key to offering end clients a more sustainable product and larger insurance buyers the program limits they require.
Having worked on the market’s first cyber insurance-linked securities (ILS) solution, Gallagher Re is keen to support new entrants and encourage the growth of capacity in both the reinsurance sector and capital markets going forward.
“Many (re)insurers are just beginning in the cyber modeling space — plenty of teams are just two to three years old,” says Harrison. “Gallagher Re has been doing it twice as long, and therefore it is one of the most analytically influential intermediaries out there.
“The reinsurance market has more wariness around the potential for volatility, and the work Gallagher is doing as a reinsurance broker is integral to getting the message across that there are sophisticated frameworks for understanding tail events.
“Models help improve capital certainty and ultimately that is good for clients. Bringing in more capital is key to a bigger cyber insurance market, which is a positive thing.”
Justyna Pikinska, Head of Specialty Analytics, Gallagher Re
Learn more
Cyber risk
Moody’s can help you assess, quantify, and mitigate firmwide cyber risk and exposure and, importantly, integrate learnings across the business to inform key strategy decisions.