Munich Re has revealed that it plans to continue focusing more of its business on the growing cyber re/insurance market, with the aim of retaining its current 10% share.
The re/insurer earned premium volume of almost US $500 million from cyber coverage in 2018, equally split between primary insurance and reinsurance.
Munich Re said that it continues to view itself as the most “active” and “aggressive” reinsurer in the space and plans to hold on to its 10% share in the high growth line.
Given that the sector has not yet been affected by any major cyber events, the company also considers the business to be highly profitable.
The maximum exposure to a cyber incident was guided as being similar to a mid-sized natural catastrophe event, it said, which would translate into loss of up to €1 billion.
The combined ratio for Munich Re’s cyber operations is therefore estimated to be around 60-80%, with a high share coming even from distribution costs.
Munich Re noted that its position is in stark contrast to its competitor Swiss Re, which it views as extremely cautious concerning cyber business.
Swiss Re considers accumulation risk to be the biggest risk, it suggested, and will not fully enter the market until a large event allows for higher prices.
Additionally, Munich Re argued that alternative capital should not yet be seen as a risk to its cyber market as external vendor models to price the risk do not yet exist.
As part of its 2019 Investor Day on Digital Transformation, analysts at Munich Re theorised that the cyber re/insurance market would expand significantly over the next three decades, global IT security investments set to reach $400 billion.
They also observed that most new buyers of cyber insurance tend to be SMEs worth less than €50 million, while the top buyers by industry are healthcare, manufacturing, professional services and financial institutions.
Munich Re’s cyber coverages currently include: privacy breach liability; confidentiality breach liability; privacy breach protection; loss or theft of data; cyber extortion; network security liability; reputational risks; payment card industry data security standard (PCI-DSS); and business interruption.