Golling: Munich Re prepared to give up cyber business over accumulation concerns

Munich Re management board member Stefan Golling has warned that the carrier – the industry’s largest cyber reinsurer – is prepared to exit business within the class that carries potentially systemic exposures.

Speaking on Sunday at Munich Re’s briefing at the Rendez-Vous in Monte Carlo, Golling underlined recognising and understanding accumulation potential as “maybe the most important ingredient” in developing a sustainable cyber insurance market.

“If we as an industry overall don't understand the accumulation, or potentially overexpose our overall balance sheets, the cyber market is dead before it actually has achieved a meaningful size,” he said.

“There are accumulations in cyber that we think we can manage as well as accumulation in nat cat business. But there are also other scenarios that we think we cannot cover, that are too systemic and the insurance industry will not have a solution for.”

Golling clarified that these scenarios are not necessarily cyber-specific, although there is a recognition that cyber as a line of business may make the trigger easier, or escalate such scenarios.

He also acknowledged Munich Re as somewhat of an “outlier” in the cyber market regarding cyber war, referencing the carrier’s reaffirmed stance back in May that clarity on cyber war wordings was a “top priority”.

As this publication reported at the time, Munich Re had led pushback against revised cyber war wordings proposed by Marsh’s Echo facility, which were understood to be seeking to redraw the boundaries of the cyber product to include certain aspects of conventional war.

“Nobody in the industry would question that we can write war on a large scale for property risks,” he said.

“A war or war-like situation is still very often restricted to a certain geographical area. But due to the digital nature of the risk, we could actually even have a global scenario. If that means that we have to give up business to avoid that uncontrollable exposure, then no doubt we are prepared to give up business.”

Pricing should not becoming complacent

Golling also hailed the growth of the carrier’s cyber insurance business, having surpassed $2bn in premiums in 2022 for the first time.

However, he added that the growth is predominantly indicative of substantial rate increases, rather than Munich Re having captured an even larger market share or underlying growth of the market in terms of insurance penetration.

“Our book is basically only primary insurance and proportional reinsurance, so you immediately see that increased level of rates flowing through in our book,” said Golling.

He added that while the cyber market overall responded well to loss development over the past two or three years, particularly concerning mounting ransomware losses, (re)insurers should not be resting on their laurels following the perceived slowdown in ransomware attacks since Russia’s invasion of Ukraine.

“The cyber market needs to be careful not to become complacent and assume that this [slowdown] will stay forever,” he warned.

“We have seen in the last couple of months that some of the exposure is coming back again with increased activity. Since we are not a small player in the market, we will certainly do our part to influence the market in going in the right direction and keeping underwriting discipline.”

This includes fostering the development of a sustainable cyber insurance market, not just in terms of rapid premium growth but also longevity of profitability.

“For us, cyber remains a real strategic part of our business. We also have an ambition of developing a sustainable cyber insurance market,” said Golling.

He outlined that this requires transparency across the underlying risks and scope of coverage, as well as transparency about data, limits and correlations between exposures both within and beyond the cyber book.

“To achieve that transparency, you need a certain form of standardisation. This also helps to develop the class of business overall because we want to write cyber on a large scale,” Golling said.

“Standardisation in respect of earnings, in respect of the data that you collect and in respect of how you look at the market overall on accumulation potential on systemic risk, is important,” he concluded.