British insurance company Beazley has unveiled a $45 million (£37 million) ‘cyber catastrophe bond’ as organisations scramble to reduce the impact of escalating cyber threats.
The bond will pay out if claims from a cyber attack on a client exceed $300 million (£246.4 million) and could provide vital protection for the insurer in the event of a “remote probability catastrophe” or “systemic events”.
Organisations have scrambled to secure cyber insurance in recent years, but the maximum amount of coverage cyber insurance providers offer can range from $1 million (£821,510) up to $100 million (£82.15 million) per claim.
Described as a first-of-its-kind move, the bond follows a lengthy collaboration with reinsurance broker Gallagher Re and is supported by Fermat Capital Management.
Beazley chief executive Adrian Cox told the Financial Times that the bond will provide the insurer with a greater pool of capital to mitigate the financial impact of cyber attacks amidst rising tensions.
“What this taps into is a pool that is trillions [of dollars] rather than hundreds of billions, and is a pathway for us to be able to hedge and grow,” said Cox.
He added that, in the long term, the catastrophe bond will enable the firm to eventually provide billions of dollars of reinsurance cover.
Cox noted that cyber insurance policies would not cover incidents that occurred as a result of conflict or ‘state-sponsored’ attacks as these traditionally fall outside of standard policies.
“The bits of cyber insurance that are too big for the insurance industry to take are quite specific and quite a small part of overall cyber risk,” he said.
Catastrophe bonds first emerged in the 1990s in the wake of natural disasters such as Hurricane Andrew and the Northridge earthquake.
These high-yield debt instruments are designed specifically to raise money for insurers in the event of a natural disaster; allowing them to receive funding from the bond and forego or defer interest if an incident protected by the bond occurs.
Beazley’s cyber bond will work in a similar capacity, according to the FT.
Surging cyber insurance claims
The launch of the cyber bond follows lengthy discussions around the potential use of catastrophe bonds to cover critical cyber security incidents and major breaches.
Cyber insurance prices have increased rapidly in recent years amidst escalating security threats and a number of high-profile incidents such as the Colonial Pipeline attack.
2022 Magic quadrant for Security Information and Event Management (SIEM)
SIEM is evolving into a security platform with multiple features and deployment models
With heightened security risks, insurers have pivoted to mitigate exposure, and this has prompted premiums to increase rapidly.
Cyber insurance premiums surged by 28% on average in the first quarter of 2022 compared to the same period in 2021, according to figures from the Council of Insurance Agents & Brokers (CIAB).
Similarly, a recent study by insurance broker MacTavish revealed that UK-based businesses are facing “inaccessibly high” insurance premiums due to higher claim risks.
Avishai Avivi, CISO at SafeBreach welcomed the move from Beazley as a positive step to increasing the potential coverage for organisations seeking cyber insurance.
"Beazley’s move certainly signals recognition of the rise in both cybersecurity incidents and associated payouts," he said. "By issuing the cyber catastrophe (CAT) bond, Beazley is basically transferring some of the risk over to institutional investors. This should spur more insurance companies to provide cyber insurance.
"This is important as more and more organisations realize they need cyber insurance. This move will, most likely, increase the amount of available coverage for organisations looking to obtain cyber insurance."
