The cyber insurance market has made significant progress on accumulation over the last three years. What it hasn’t yet confronted is what accumulation looks like when the losses aren’t data, when a systemic cyber event triggers physical damage, disrupts critical infrastructure, or generates liability that neither cyber nor property policies are built to absorb.
What We’ll Tackle:
1. Cloud Infrastructure Aggregation
– Identifying hidden concentrations across AWS/Azure/GCP
– Business interruption triggers from single cloud provider failure
2. Software Supply Chain Dependencies
– Modeling downstream impact of critical vendor compromise
– CrowdStrike-style scenarios – operational failure vs. malicious attack
3. Correlation vs. Independence Assumptions
– Where current models underestimate simultaneous claims
– Geographic/sector diversification – does it actually reduce systemic risk?
4. Realistic Loss Scenarios & Stress Testing
– Building credible catastrophe scenarios with limited historical data
– PML estimates reinsurers will accept vs. what actuaries can defend
Why Now?
Reinsurers are increasingly challenging primary insurers’ accumulation assumptions, while regulators demand stress testing that current models can’t support. With limited historical data for systemic cyber events, both sides need new approaches to quantify concentration risk.
Attendees:
– Head of Cyber Cat Modeling/Portfolio Management
– Chief Actuary / CRO
– Reinsurance Brokers
– Reinsurer Underwriters & Cat Modelers
