We are pleased to share 2025 US Cyber Industry Exposure Database and Loss Curve, a collaboration paper between Guy Carpenter’s Cyber Center of Excellence and Guidewire Cyence, a provider of analytics and modeling in the cyber space. The paper presents a detailed view of industry exposure, including potential impacts of deregulating and defunding US federal cyber agencies amid greater nation state cyber activity and ongoing foreign wars.
Key takeaways:
- The paper addresses the construction methodology for the US Cyber Industry Exposure Database and Loss Curve (IED).
- Guy Carpenter clients can gain insights from the IED, including in such areas as market exposure composition, aggregation risk benchmarking, data supplement and augmentation, and various risk transfer vehicle calculations.
- The IED generates a 174% US industry-wide aggregate loss ratio at the 1-in-100 return period level in Cyence Model 7.1, composed of 69% non-cat (attritional) and 105% single cat event loss ratios.
- Losses of this level are reasonably possible, as they have been observed in actual cyber writers’ claims history, though only on individual portfolio bases. In particular, the 105% cat event loss ratio translates to a USD 9.9 billion US industry-wide cat loss, putting it at 2.5 to 3 times of NotPetya’s insured loss impact in 2025 terms.
- A 1-in-100 174% industry-wide loss ratio year could result in rapid hardening of cyber rates, as was observed in the heightened claims environment in 2019-2020.
- There could also be increased scrutiny of policy terms and cautiousness of capacity deployment, as well as shifts in reinsurance buying behavior and different appetites for reinsurance protection needs.
- Guy Carpenter will leverage the depth of our cyber expertise and our reach in the reinsurance market to support our clients through these potential changing dynamics.