This week, London-based insurance giant Beazley announced the launch of the first ever “catastrophe bond” for cybersecurity insurance. Given how disastrous the average cyberattack has become, that pretty much tracks.
In the insurance industry, catastrophe bonds (abbreviated as CATs, sometimes referred to as disaster bonds) are used by insurance companies to help cover particularly harmful events. Traditionally speaking, that means stuff like fires, tornadoes, and other acts of God (or, more accurately, climate change) that wreak untold financial havoc. Now cyberattacks fall into that category.
In that sense, you can think of CATs as financial padding, designed to help insurance companies pay for coverage under particularly costly circumstances.
This is the first time that such a bond has been launched to assist coverage for cyber incidents — which typically haven’t been thought of in the same category of mayhem as other disasters.
The Financial Times reports that Beazley’s new $US45 ($62) million bond will help cover the company’s expenses in the event that costs from insuring its clients exceeds a threshold of $US300 ($416) million. At that point, the bond will pay out to Beazley instead of returning the principal investment amount to an investor at the end of its life cycle. The bond is basically a financial pillow, designed to cushion the blow from exceedingly costly (i.e., catastrophic) cyberattacks.
Big picture, why is this important?
Such bonds, were they to become more common, would provide additional financial infrastructure and security to the cyber insurance industry, allowing it to grow and expand its coverage areas and services. An important caveat: The bond won’t cover state-sponsored cyberattacks. FT reports:
Beazley’s cyber bond, the culmination of a three-year project, was structured and placed by broker Gallagher Re and bought by investors including Connecticut-based specialist Fermat Capital Management…Fermat’s co-founder John Seo, a pioneer in the catastrophe bond market, said the deal “marks important step in unlocking capital market investment into cyber risk and creates a solid foundation for a future cyber [insurance-linked securities] market”.
If you’re a fan of the cyber insurance industry, this is potentially good news. Cyberattacks have only grown more destructive over the past several years — with ransomware, in particular, causing massive amounts of damage to businesses all over the world. More problematically, the insurance industry has often struggled to offer affordable protection — with premiums remaining too costly for many companies to afford.
However, even if cyber insurance becomes slightly more attainable in the future, not everybody sees it as a productive solution to the problem of cybercrime. From critics’ perspective, payments to hackers only legitimate the extortionist business model that fuel the digital underworld. Conversely, the FBI has always encouraged victims of ransomware attacks to abstain from paying criminals and instead reach out to law enforcement for help.