Aon provides an analysis of the cyber (re)insurance space as the Middle East conflict continues | The Insurer

The Insurer news staff had no role in the production of this content. This content is created by the brand marketing unit of The Insurer. The cyber (re)insurance space has, unsurprisingly, been placed into the spotlight as a result of the conflict in the Middle East. Rory Egan, head of Global ReSpecialty Cyber & Analytics at Aon's Reinsurance Solutions, explains to Cyber Risk Insurer about the current state of play and how the Middle East situation is an acid test for modernised cyber insurance clauses. As the broader insurance market grappled with the fallout of the escalation between the US, Israel and Iran, Aon initially noted cyber insurers had concentrated their focus on aggregation risk potential. Aon also noted the cyber market is expected to remain responsive to potential cyber threats, for example attacks on critical infrastructure, logistics and financial services. Furthermore, Aon's Egan explained the market has been "mindful of the potential for cyber attacks to be part of war coverage" for around three to four years before the recent escalation. "There was an effort within the cyber market to develop new clauses to modernise war exclusions," he said. "Prior to that collective effort, exclusions within cyber policies did exist but they were taken directly from other lines of business." Specifically, the effort to modernise involved updating the language of these clauses - some dated as far back as 1938, and did not account for contemporary technological risks," Egan said. "What's happening now in the Middle East may help us to test these changes," he said. "While there has been some consensus and collaboration on clause development across the market, there remains a large variety of different implementations with individual carriers and on specific risks, and there's a range of different risk appetites and attitudes when it comes to defining war and nation-state linked cyber attacks. "Whether or not participants within the cyber market were already watching the Middle East closely, I think that the prior work on clause modernisation was important in recognising future issues." AON'S ADVICE TO CLIENTS Egan stressed that Aon's initial focus on the potential for aggregation risk and the efficacy of war/nation state clauses would remain relevant for some time. "Any time a threat actor or a nation state makes a move where the effects are felt in a widespread manner, that's always been a key concern and focus for the cyber market, in particular on the reinsurance side," he said. "It's a key reason why insurers buy cyber reinsurance." He explained that cyber reinsurers looking to provide coverage to insurers will conduct scenario analysis and modelling to understand if there will be an event that can affect multiple portfolios simultaneously. "This allows reinsurers to understand, quantify and transfer the risk, perhaps through to insurance-linked securities and catastrophe bonds, for example," Egan said. "But there's also the question of whether everything can be transferred, or whether there is a line between what is insurable, priceable and tradeable, versus an area that is not really something that can be assessed - and that's where reinsurers implement exclusions." FUTURE POTENTIAL Despite the unpredictable nature of the cyber space, Egan noted it's possible to predict some of the likely next steps around attacks. "The situation we are in now with Iran is probably less about the financially motivated attacks and more about destructive/disruptive attacks," he said. "These could be conducted by the state of Iran or by actors acting on behalf of the state of Iran, or others who sympathise with their cause, known as hacktivists, to disrupt and destroy financial institutions, facilities like water and energy, other critical infrastructure and military assets. "We've now seen the first such attack against Stryker, as U.S. medical device manufacture, where the motive for the attack is clearly linked to the ongoing conflict. We should not be surprised to see more similar attacks as the overall conflict continues." Furthermore, despite the potential of an ongoing conflict, he doesn't expect it to "significantly impact the availability of insurance in terms of coverage and pricing" but that it will be a key topic of discussion between all industry parties. "(The discussion) is probably going more in the direction of focussing on the coverage aspects because while we do have war exclusions, they're not all the same, and different carriers have different risk appetites. "Also, brokers are trying to give the broadest possible coverage to the buyers of cyber insurance. So there's a natural point of negotiation or attention around that, and there will be differences."