Cyber cedants will be met with ‘positive’ reinsurance market at 1/1/25: Guy Carp

Insurers looking to offload some of their cyber risk can expect good support from the reinsurance market at the January 1, 2025 renewals, Guy Carpenter said yesterday. 

Around half of all cyber risk is reinsured, making reinsurers critical players in the development of this fast-growing market.

Anthony Cordonnier, global co-head of cyber at the broker, said: “Over the last couple of years, we've seen existing reinsurers in the cyber space increase their appetite as well as new participants come in and supply the market with capacity. So we continue to expect at 1/1, that the purchases from our cedants and their buying strategies will be met positively by the reinsurance markets and receive the adequate support from the market.”

However, Cordonnier warned that the increased risks posed by Artificial Intelligence (AI) will require the industry to up its game and consider new reinsurance structures, including excess of loss structures, which have been largely unavailable to cyber regions buyers in recent years.

Guy Carpenter believes AI will be increasingly used by threat actors to increase the efficiency or processes that lead to cyber aggregation events. 

“AI has the potential to make cyber attacks more accessible and scalable to threat actors by automating or accelerating actions such as reconnaissance, social engineering, innovation and exploitation techniques,” Erica Davis, who is also co-head of cyber at Guy Carpenter, said.

This would mean a wider range of cyber criminals being able to deploy more frequent attacks, raising attritional losses for cyber re/insurers.

However, she warned that solid information about the threats posed by AI is scarce, and that risk aggregation models for AI remain “complex and opaque”.

“As AI increasingly interacts with complex human made systems like financial markets, healthcare networks and social media platforms, even higher risk uncertainty emerges from new vulnerabilities and attack vectors,” she said. “These forces make the prediction of AI's influence on aggregation events particularly difficult as the ground is continuously shifting beneath our feet.”

Fortunately, in its current form, AI has not emerged as a defined separate risk in cyber (such as ransomware, data breach, or cloud storage), Davis noted.

“There is little to no evidence at this time that suggests AI is creating a new category of cyber risk without clearly observable and attributed events involving AI as the proximate cause,” she said.