Lloyd’s of London insurer Beazley has launched the first cyber catastrophe bond, opening up one of the fastest-growing areas of the underwriting industry to investors as companies and governments seek to shield themselves from ransomware strikes.
The $45mn private bond will pay out to Beazley if total claims from a cyber attack on its clients exceed $300mn — a structure intended to give some protection to the insurer’s balance sheet from “remote probability catastrophe and systemic events”.
Adrian Cox, Beazley’s chief executive, told the Financial Times that the new instrument gave the insurer access to a much larger source of capital.
“What that taps into is a pool that is trillions [of dollars] rather than hundreds of billions, and is a pathway for us to be able to hedge and grow,” Cox said. Beazley hoped, he added, to scale this “new tool” to eventually provide billions of dollars worth of reinsurance cover.
Catastrophe bonds work like normal bonds in that they give investors interest payments — typically at a floating rate in this market — and hand back the principal at maturity. But investors can lose some or all of their money if certain tightly defined triggers are hit. Generally those triggers relate to the level of claims from hurricanes and other extreme weather events.
Institutional investors seeking returns have poured tens of billions of dollars in to such insurance-linked securities, forming a significant source of reinsurance for underwriters.
Beazley’s cyber bond, the culmination of a three-year project, was structured and placed by broker Gallagher Re and bought by investors including Connecticut-based specialist Fermat Capital Management. The interest rate on the deal was not disclosed, but Beazley said the bond could be followed by additional tranches this year and beyond.
Fermat’s co-founder John Seo, a pioneer in the catastrophe bond market, said the deal “marks important step in unlocking capital market investment into cyber risk and creates a solid foundation for a future cyber [insurance-linked securities] market”.
The advent of a cyber catastrophe bond has been a hot topic in the sector and discussed by academics as a risk-sharing mechanism that could help develop what is becoming an increasingly important insurance product for companies.
Payouts from cyber cover have surged in recent years as ransomware attacks have disrupted businesses and essential infrastructure. The cyber insurance market takes in about $10bn in annual premiums, but industry estimates project it could reach as much as $40bn in the next few years.
If so, the total claims exposure of cyber insurers would also “increase fourfold, if not more”, Cox said. Just as with property insurance, which uses catastrophe bonds, traditional reinsurance and a range of other backups, cyber would need to gain access to all forms of reinsurance capacity, he said, to allow it to absorb the growing threat from cyber attacks.
Cyber insurance prices have raced higher in response to rising claims. Beazley cited these high rates as it tapped stock market investors for £350mn in November, saying the raise would help it retain more exposure to cyber.
The Beazley chief also pushed back against a view expressed by Zurich boss Mario Greco, who told the FT last month that cyber attacks were becoming “uninsurable” because of their impact on every corner of modern life.
Cox said cyber insurance policies would not cover war or state-sponsored attacks, but those risks generally fell also outside other standard insurance policies. “The bits of cyber insurance that are too big for the insurance industry to take are quite specific and quite a small part of overall cyber risk,” he said.
The industry had proved “perfectly capable” of absorbing the costs of cyber disruption to fuel pipelines, for example, he added. “I would stress what insurance can do rather than what it can’t.”