Singapore launches US$1bn cyber risk pool

November 1 2018 by Nick Ferguson

Singapore has launched the world’s first commercial cyber risk pool, which will bring together reinsurance and insurance-linked securities (ILS) markets to provide US$1 billion of bespoke cyber coverage for companies in Asia.

Announcing the initiative at the Singapore International Reinsurance Conference, Heng Swee Keat, Singapore’s finance minister, said 20 insurance firms have expressed interest in taking part in the pool.

“The cyber risk pool reflects Singapore’s standing as a specialty insurance hub and our commitment to driving forward-looking insurance solutions to tackle new and emerging risks,” said Heng. “I encourage you to consider participating in this joint effort, and to work together to develop better risk models to price cyber risks appropriately.  With proper pricing, more corporates will be encouraged to take up cyber risk protection.”

The initiative is the result of collaboration with the Singapore Reinsurers’ Association and cyber specialist Peter Hacker, co-founder of advisory firm Distinction Global and former chief innovation officer at Ed.

Ian Roberts, a partner at Clyde & Co, said the pool will be welcomed by insurers and insureds. “With the number of reported breaches set to rise globally, off the back of new reporting measures, no industry or organisation is exempt from risk,” he said. “All companies need to stay vigilant in securing their systems, remaining constantly alive to cyber risk, and ensuring all processes are stress tested and legal advice is sought early.”

Singapore has been working to establish itself as a regional insurance hub and the novel idea of issuing cyber catastrophe bonds to fund the new risk pool could help to develop its expertise in the ILS sector, which has been a stated goal for some time now.

This kind of ILS issuance will have a strong foundation of cyber expertise to draw on, following a series of recent Singaporean initiatives to address cyber risks in the city and throughout the region. In September, it announced the establishment of an Asean-Singapore Cybersecurity Centre of Excellence to help build Asean member states’ cyber strategy development, legislation and research capabilities, and provide virtual cyber defence training.

In 2016, it launched a cyber risk management project to provide a cyber-risk assessment framework aimed at supporting better underwriting and pricing of cyber risks. It has focused on developing a standardised taxonomy of cyber incidents, creating a cyber-event loss database and benchmarking cyber loss models to support actuarial pricing.

“We need to invest in cybersecurity, to prevent and deter attacks,” said Heng, “and we need to mitigate the consequences of attacks through better risk pooling. We need to work together with all stakeholders, in our country, and with the international community, to coordinate action and assist one another.”

Heng complained that insurance coverage of cyber risks remains very low due to a lack of historical data and intelligence to support risk assessment, underwriting and pricing.  “As a result, most policies have too many exclusions,” he said.

Yet the exposures continue to rise. By one estimate, Cybercrime is forecast to cost the global economy US$6 trillion by 2021, with Asia the world’s most-targeted area — hackers are 80% more likely to target organisations in Asia, yet Asian organisations reportedly take 1.7 times longer than the global average to discover cyber breaches. More than 60% of Asian companies do not have proper cyber threat monitoring systems.

Indeed, the Singapore government is hardly immune either. State-owned SingHealth was targeted in June by hackers who stole personal information of about 1.5 million patients, as well as the prescription records of 160,000 people, including the prime minister.

With the growing risk that stems from cyber attacks, particularly in Asia, the development of cyber expertise should provide a good base for the creation of a dedicated risk pool in the city.

However, similar efforts to foster a natural catastrophe pool, backed by ILS funds, have yet to bear substantial fruit. It remains to be seen if cyber will produce more immediate results.

MORE FROM: Insights