Good day, and welcome to Beazley's Systemic Cyber Risk presentation. Throughout today's recorded presentation, all participants' lines will be in a listen-only mode. Later, we will conduct a question and answer session. You may register for questions by pressing star one on your telephone keypad at any time during the call. And now I'd like to hand the call over to Chief Financial Officer, Barbara Plucnar Jensen. Please go ahead, ma'am.
Welcome, everyone, to our session on cyber. My name is Barbara Plucnar Jensen, Group CFO of Beazley, and with me today, I have our Group Chief Underwriting Officer, Paul Bantick, and Aidan Flynn. Both are very experienced leaders in Beazley and our strong team on cyber. In the past, you've heard both of them speak, and today, I really look forward to sharing their insights with you. Before we get started, I want to mention that we're aware that there's a lot going on in the world at the moment, not least the horrible impact we have seen from Hurricane Helene. It's very early days, and we're continuing to monitor the situation. It is too soon to comment on the individual storm. However, I'll use the opportunity to remind you that we're prepared and planned for events like this.
They are sadly not exceptional, but part of our regular natural catastrophe planning. However, today, we have planned for this session on cyber, and I'll now hand over to Paul to provide you an update on what we do and the exciting opportunities that we see.
Thank you very much, Barbara. I'm going to take you through the opportunity that we see on cyber and how we're viewing that currently. I'll then talk you through a little bit where the market is for cyber in the insurance market, and how we're using our expertise to protect our policyholders and really help drive resilience into our client base. And then I'll hand over to Aidan, who spoke to you last time, to give you some of the very important details on how we are managing our exposures, both attritional and systemic, including our recent new additional reinsurance cover from the ILS and bond cyber catastrophe market, which we are incredibly excited about. And that will also include a little update on the 1-in-250 that we spoke to you about around a year ago.
We'll then wrap up by thinking about our long-term outperformance and how we plan to keep continuing to deliver. There's a disclaimer notice, which I'll ask everyone to read, and you have that. And that moves us nicely on to the opportunity. As you can see from this slide, the cost of cybercrime continues to escalate around the world, and I think everyone's very familiar with CrowdStrike recently. What that has told us is that it's not only malicious attacks that we need to worry about. Cyber can present itself in many different ways. As the economy becomes ever more digitized, the percentages of businesses still don't feel ready to meet the challenge of cyber risk. It's not just about having good controls, it's about how you think about cyber, how you manage it, how your culture is around cyber, how your employees respond to it.
What we are seeing is that really good companies can still have cyberattacks, and that is where insurance comes in. Why, while we've seen a more normalized claims environment since the ransomware crisis, what we have seen is the threats of geopolitical issues, climate events, and thinking about how the world is starting to evolve on cyber is incredibly important. Not only that, the demand for security services to help protect companies is growing at the same time. Cyber is going to be at the heart of everyone's economies moving forward, and with that, the threats will always exist in some way, shape, or form. This is some work that we've done thinking about the cyber market, where it's going, and what perhaps the opportunity might look like. I think it's very important for me to note that this slide is rate agnostic.
We have not tried to predict where the cyber rates may go in the next 10 years. So it's pretty much flat rate, and where we're seeing the growth is new business and exposure growth, which is those threats bringing new buyers to the cyber market, because more and more people want to do something around the exposures that cyber presents, not just from a monetary standpoint, but also from a services standpoint, and how to respond to the cyber threats. In here, you'll see there's a couple of themes: A, growth is coming from North America and non-U.S. North America, what we're really expecting to drive the growth there is the middle market and lower end, particularly the lower end, the middle market, and the SME business in the U.S.
They are the two areas that are the least penetrated right now and where clearly the growth is going to come from. Secondly, non-U.S.. We've seen it already. We've spoken to you about this a lot over the last year or two. We are seeing a lot of demand start to rise outside the U.S.. Different countries go at different paces, different cultures go at different paces, and we see demand appearing in many different ways, but what is consistent is, it is consistently starting to emerge. We continue to see strong new business in our non-U.S. business, and that is predicted to continue, particularly in the middle market and large account space.
So what I think you're going to see from a cyber market moving forward, and there's lots of predictions out there around where the market may or may not go, and we've worked on this, as you can see from the slide, with KPMG. We've also shared it with many of our key reinsurance partners, and everyone is within the same range. And I don't think we can say that this is exactly what the journey is going to look like. I think everyone agrees on the endpoint. What you may see is different paths that starts to get there, depending on what's happening with the demand in those segments, in those countries at any given point in time. And not least, what's happening to the threats, because what we have seen over the years is that cyber threats do increase demand rapidly.
So are we going to see more events like the CrowdStrike events, where we see malicious, non-malicious attacks on the rise? If that happens, then the cyber market will respond. But ultimately, a lot of what Aidan's also going to talk to you about later is how we are making sure we build a market that's here to give the cover and keep responding to clients in the way that we want to. Where are we today? So just going to walk through this a little bit, but the first point I'd like to make is it's really important to note, as I think we've all seen on the journey together in the last 10 years, is that the cyber market could change at any given time, and I think we have to think about it in that sense.
For example, had CrowdStrike been worse, and we will give a little update on that, then the cyber market could potentially be changing as we sit here today. Thankfully, it wasn't. It's a very short tail line of business. That means the threats, the cyber market, the pricing, the way it responds, and the way it will work will be very much like a short tail line of business, as you see with property when hurricanes do or do not happen. It's the synergy is very, very strong, and I think we'll continue to see that trend. And that's also backed up by the fact that we've actually seen a traditional cyber and reinsurance market and CAT market start to emerge, and that is something that we'd always hypothesized would happen, and we're now starting to see that play through.
When looking at the loss trends, ransomware remains, in terms of frequency, at the lowest levels we've been experiencing since 2020, when we first started reporting and talking about ransomware frequency. However, what we have seen, I think, as all of the intelligence and all of the threat intelligence we had suggested to us that once the Russia and Ukraine war reached a certain stage, once certain other things happened in the world based on different geopolitical events, that we would potentially see some more cyber criminal activity that would lead to some severity. We've also seen some newsworthy events like CrowdStrike. They have had impact, but, for example, it's less about the dollars and more about the coverage and what happens.
When you're thinking about the market and the loss trends, what we're widely seeing is that the CrowdStrike event has been less about how much dollars did this cost in terms of the size of the event, more around how did the cyber market respond? What was the coverage? What was available? And what people have learned is that it's really important, A, to understand these non-malicious cyberattacks, how they can happen, B, prepare and plan for them, and I think, C, make sure that we provide coverage for them, because that's something we've always done, that's something we've always intended to do, and that this is the sort of scenario that we were prepared for. In terms of competition, I would say that our view is that it remains fairly stable.
We've not seen lots of new capital move into cyber, perhaps like we have seen in some other lines of business over the last couple of years. What we are continuing to see is existing capital being more active. Policy conditions, terms and conditions are stable. W e obviously have now moved through the war exclusions being updated and rolled out globally, and we're not seeing any major coverage or evolutions of coverage or changes or restrictions being applied. And I think the other thing that's incredibly important to note is that cyber policies continue to provide a lot of protection. They provide cover for all the events that they're intended to, and again, CrowdStrike will show this. Pricing. During the hard market, everyone made their own decisions on do you price for the coverage? Do you maintain the integrity of the coverage?
And that is what Beazley, we took a big decision to do, and we've spoken to you about this before. We said, "Yes, ransomware is up. Yes, the ransomware threat is real, and it's here, but we're going to underwrite, we're going to price for it, but we are going to maintain the integrity of the product." That means we took decisions to not apply sub-limits, to not apply other restrictions onto the coverage. And we feel at Beazley, based on the threats and our 360 view of cyber that we have here, and we feel our book is adequately priced. We have adequate rate, and we'll continue to grow, and we're seeing many good opportunities to grow, which is incredibly exciting.
And as we move on to the next slide, this further highlights the focus that we had on pricing and maintaining the integrity of the products during the hard market. You can see that in 2021 and 2022, the rate that was achieved by the team, but also, ultimately, during that time, our total number of policies, as we've shown previously, was coming down, and that was based on risk controls and underwriting of the ransomware threat. To give you one example, during the first year of the underwriting action that we took, we only retained approximately 50% of our policies. What that means, to me, most importantly, is we have a more resilient book for a lot more rate than we had prior to going in the hard market.
We can see we've given back some rate, and that's probably because, as I think we've said before, we may have overshot a bit, and we've always committed that if we did overshoot on rate, and if there was more than we needed, then we would give some of that back to clients. This is all about a partnership and going on a journey together over many years to provide this cyber protection. We have a very agile business that manages the threats, exposures, rates with each other, and what you'll continue to see us do, as a short tail line of business in the cyber market, is to manage that agility. It's very important that you're constantly, and we are constantly looking at threats, rate, frequency, trends, and it's a combination of those things, plus the Full Spectrum Cyber ecosystem that you have, that enables you to do that.
Another important point that I thought I'd make before leaving this slide is our systemic exposure and the total limits deployed today still remain less than the high in 2020, with a much larger premium base. That is an incredibly important point, and that just shows the focus that we have on using our limits wisely and making sure that we're optimizing and deploying correctly. Our expertise. We have a big cyber team here at Beazley that has been something that we have been building for probably close to 15-16 years in terms of having a dedicated cyber team. We have 260 members globally and 136 people around the globe, and that number may change month by month, but 136 people around the globe purely focused on cyber underwriting.
They don't do any other lines of business, and they just focus on cyber. We lead the coverage, and the most important thing we've had since day one in 2009 is the services that we provide. It started with post-breach services. We will help you respond and react to any event, and many people remember BBR, Beazley Breach Response. That is where the service ethos and culture came from and started at Beazley. "Please help us. We've had a cyber attack. Please, can you help us respond to it?" That was the call we had from clients. And now we've done a job of building on that, not just pre-breach, but for the duration of policy life cycle, we now have so many services that we can help our clients with and our insurers with.
Beazley Security, an in-house security firm we started from scratch several years ago, is now thriving. They have the capability not only to help our clients during the policy period, but with any questions that come up, any sort of cybersecurity service that's required, any questions that come up. When CrowdStrike happens, Beazley Security can be there to help advise our clients, and we think that's incredibly powerful, and it's going to be one of the keys to doing cyber well, looking into the future. Diversification. You have to have diversification, and we have very good diversification. We've spoken about diversification actually many years before, and we've always said the key to doing cyber well is having diversification. What does that mean? Well, our average line size is lower than perhaps the press would lead you to believe sometimes.
I think that's incredibly important, particularly when you think about systemic risk and adding up limits together. We manage our own claims. We are typically leading and primary on most of the business that we write. That means that we are in control of our own destiny in terms of pricing and underwriting the risk, but also, when the claims comes in, we're on the front line with the client, with the insurer, getting real-time information, getting real-time data, and most importantly, if there's a systemic event, we can come and tell you our position in a very stronger and faster than perhaps some other carriers would. This is exactly as we did with CrowdStrike. That's because we're on the front line as a primary insurer, partnering with our insurers, getting the real-time information.
We write cyber on all our platforms and different markets have different challenges, but the platform and global diversification that we have is incredibly important to us in managing cyber well. You have to have a very diversified book of business, and geography is one of the key ones that we've built here at Beazley. 10 years ago, we started our non-U.S. business. That feels like a long time ago when some markets are currently just starting that today. But we did that recognizing at the time that as the U.S. was developing, and we were very lucky to have a market-leading position, we knew that building out the non-U.S. presence early was going to be key, not just to maintain a leading position, which we're very proud of, but more importantly, it adds that diversification, which is good for everybody.
To add to that diversification, we write business across all segments. We write large accounts, middle market, and SME. Ultimately, having both an industry, size of account, and geography diversification, that is the levers that we manage to make sure that the book is well diversified. It's very hard to say how big the cyber market is. Everyone asks me that question, but what we do know from a lot of the work we've done with reinsurance partners, brokers, and others, is that we have roughly a 10% market share. However, that's not always the real, the true story. Everyone says this, but think this, the market share we've seen in certain surveys suggests that actually we are diversified in other ways. For example, in the U.S. large account space, we can have up to a 40% market share on a primary basis.
This is tremendous. That's about the market-leading position we have. And when people talk about market share, we have, we are heavy in some areas, but we're also underweight in others. And I want to underline that that is a deliberate, conscious decision that we've been making over the last five to 10 years, year on year, business plan by business plan, thinking about the business and how we're building it and how we're evolving, evolving it. We're looking at the risk and reward. We're looking at the rate. We're looking at what we can achieve in those areas, and it's also based on how the market cycle evolves in those areas and how the demand's evolving. Ultimately, being a leader in this market is incredibly important, and being able to manage the book and the agility in the way we do, I think, is the secret sauce.
Just letting this slide go through its animation. Full Spectrum Cyber, this is something that we launched very recently, and we are incredibly excited about Full Spectrum Cyber. This is our new way of putting together all the incredible expertise we have and showing that to our brokers and our insurers and our clients around the world. Right at the top, on the right-hand side, you'll see we have the Beazley Cyber Council, if I start there. This is a group of industry experts that really have nothing to do with insurance. We put this together a couple of years ago, in around 2021 , whilst the ransomware crisis was going on. These experts come together to help and support us.
They are government agencies, ex-government agencies, threat intelligence experts, and lots of, lots of other cybersecurity professionals from around the world that are top in their class and come together to talk to us around: What's the current cyber threat? What's the next cyber threat? Where is the threat going? What's the geopolitical impact on that? How do we manage that? What could we expect to see from Beazley? And trust me, we mark their homework. We look at what they've told us. We see, does it happen in the next year or two? And actually, they are very accurate. And I think the reason we get the accuracy we do from that group is, A, because we have a very open relationship with them.
And B, because we have a lot of different expertise from around the world, from different backgrounds, different companies, different organizations, that are bringing different views, and you're able to form one clearer view when you do that. And the key is how we then pass that on to our clients to help them navigate those threats and be more resilient. And now we have a whole service team, and Beazley Security focused on that, we're able to do that more effective than we ever have. We meet quarterly, and I attend the meeting along with various other people on my team, and we're constantly also monitoring our insureds through scanning, vulnerability assessments, phishing campaigns.
We can provide support for any of these clients, but importantly, if there's a new threat, if there's a new vulnerability, we're able to very quickly alert our brokers and clients to these to help, to help make sure that something bad perhaps doesn't happen. And we can also provide the support if a client says, "We have absolutely no, no idea how to fix this vulnerability," well, then we can help with that. We have a whole services team and Beazley Security that's on standby to help any client with any of those challenges. What we've always said since day one, and I remember this on our marketing since day one, is you never really want to experience one of these the first time and learn it as you're doing it, and you never want to go through it alone.
And that's what Beazley's all about, and that's where we step in. Adaptive Cyber Risk is constantly thinking about the coverage and how we evolve to make sure that the market is sustainable coverage, and that we're giving strong coverage for everyone moving forward. How do we build cat bonds? How do we build alternative capital? How do we make the war exclusion relevant for the modern day, so that everyone can evolve, and that we keep providing solutions that clients need? That is the journey that we've been on, and that we've said we wanted to be market leading on in the last couple of years. We have made massive strides in this area, and we are committed to continuing to do that. And now I'm going to hand to Aidan, who's going to talk to you a little bit about how we've been managing our exposure.
Brilliant. Thank you, Paul. So this section is called Managing Our Exposure, and here I will cover three main topics. So first, I'll speak to the key ways in which we manage systemic cyber risk. Then I'll provide an update on recent reinsurance changes, and then I'll give an update on our current 1-in-250 probabilistic loss model outputs. But before I do that, I wanted to set the scene briefly with a quick explainer on how we define systemic risk in a cyber context, and here, speak to some examples of systemic cyber events that could have a material impact, and think about how does this differ and contrast from attritional loss events.
So starting with attritional risk, these are losses that can be understood as higher frequency, lower severity events, which are much more predictable, and therefore can be much more easily modeled. Essentially, they are losses that are expected to be experienced in a given underwriting year. Typically, attritional risks are single loss events impacting one insurer, for example, a targeted ransomware or data breach attack, which do not result in widespread impacts to multiple entities. And here in this slide, we set out some more examples of attritional losses. By contrast, systemic cyber risk involves lower frequency, higher severity events, where a cyber incident impacts multiple entities. Systemic cyber risk involves some common cause or common risk factor. For example, reliance on a commonly used IT service provider, so that failure of that provider has consequences for other entities.
Or, it occurs where cyber risk spreads across entities by some self-replicating or propagating mechanism, such as with computer viruses. Three cyber scenarios are generally understood by us at Beazley, but also by the broader industry, as having the potential to cause the greatest impacts. One, a large scale outages of IT services, such as the cloud. Two, the outbreak of widespread, untargeted, and self-propagating malware or viruses, and three, a large scale data breach attack. In all these cases, the accumulation of losses occurs because of some unifying factor or aggregatable event involving dependencies or interdependencies or connections that can result in cascading consequences. Often, a key driver of losses is business interruption caused by shutdowns of IT systems, and this includes shutdowns of third-party IT systems.
And as I'll go on to explain, our framework at Beazley, to manage systemic cyber risk, carefully reflects these considerations, the identification of scenarios, the quantification of accumulation losses, proactive management of business interruption exposure, and ensuring we have clear and transparent coverage in all of our underlying policy contracts. So underlying all of this is the quality and diversity of our portfolio, and here I want to draw out three ways we manage systemic risk, within our underwriting process itself. First, we actively manage the capacity we deploy on individual risks to help control our exposure. As Paul mentioned previously, our average limit is $1.9 million, and 99% of our policies have a limit of $10 million or less.
We manage dependent business interruption risk often via sub-limits because we know that many systemic cyber events involve losses to insureds that arise from their dependency on third parties, where the third party suffers the attack. Second, we actively diversify our portfolio to avoid any concentrations of exposure within a particular industry sector. We do this because in certain systemic cyber scenarios, industry-level dependencies on common software or common suppliers exist, and in fact, over the past twelve months, we've seen that dynamic manifest a number of times, notably in the Change Healthcare and CDK outages, which created cascading impacts largely contained within one industry. We also diversify by size of company, so that can be important because as we saw with the CrowdStrike outage back in July, greater impact was felt by companies with larger revenues.
There was less impact to small and medium-sized enterprises who were generally not CrowdStrike customers. And so it's important we ensure that our portfolio remains balanced, diverse, and not overweighted in any one industry sector or revenue segment. Third, we manage our exposure to systemic risk within the policy contract itself. Beazley has led the market in developing new policy wordings that better define certain systemic events that are uninsurable, and so fall outside the scope of coverage, such as losses arising from war, cyber war, or failure of critical infrastructure providers. These exclusions to cover are applied to all of our cyber policies worldwide. Our aim here is to ensure policy coverage delivers clarity and greater certainty as to how the contract will respond.
This approach, here at Beazley, is supported by our cyber underwriting management team that oversees the underwriting process at a portfolio level, creates underwriting actions in response to new threats, and that could include threats from the Beazley Cyber Council that are communicated, and communicates these threats out to the underwriting teams in the field. Importantly, this team has a worldwide remit, which drives standards across all of our platforms in a consistent manner. So I really love this slide because it illustrates succinctly the points I've been making in the prior slides. Here, we show that over the past four years, the in-force cyber premium has doubled against total aggregate exposure, which has remained broadly flat over that period.
The key message here is that we take optimization of our aggregate exposure very carefully, and this is constantly monitored against the market conditions to ensure that we are obtaining an appropriate reward for taking the risk. Now turning to our reinsurance update, I'm pleased to say we continue to progress in leading the development of new cyber reinsurance solutions. This has been quite an exciting journey for the Beazley team, starting in 2023 with our Cairn series of private catastrophe bonds. Just to remind this audience, that was a market first, the market's first-ever cyber catastrophe bond, and then through this year to the pioneering 144A cyber catastrophe bonds in our PoleStar series.
I think what this shows is that ILS investor confidence in our cyber business continues to increase. We have helped lead the way on educating the ILS community about cyber risk, and, pleasingly, we've been able to bring a number of new ILS investors into the market with our PoleStar 3 transaction. In addition to the catastrophe bonds, this year, we've also secured the cyber market's largest industry loss warranty. This is a form of reinsurance that provides coverage based on the total insured loss experienced by the industry, rather than Beazley's own losses from a specified event. These developments are good for Beazley, but I, I think are also good for the wider cyber market.
And I should say that here, our motivation isn't connected to any risk appetite constraints, but rather because we want to build out the reinsurance market so we can capture new opportunities in the future. Ultimately, the global cyber market will need additional capacity to achieve its growth potential, and having more regular alternative sources of capital is an important milestone on that journey. And the benefit to us is $1 billion of cyber catastrophe protection. So here there are two specific reinsurance changes to note. So first, we have sponsored a new catastrophe bond in our PoleStar series. This is PoleStar 3, which provides an additional $210 million of coverage.
This means Beazley has now secured the largest cyber 144A catastrophe bond at $510 million in total, to provide protection against cyber catastrophes. Second, we have our new cyber industry loss warranty, which provides $290 million of coverage. The ILW responds if industry losses exceed a predefined trigger amount, and in this case, in the event of U.S. industry losses exceeding $9 billion. Importantly, both the bond and the ILW provide coverage against malicious and non-malicious cyber events. Here, I will provide more detail of the model outputs. The key update here is that the additional reinsurance protection we've secured significantly reduces our net 1-in-250 risk. As we outlined during last year's capital markets day, Beazley's cyber risk appetite is set using our internal probabilistic model.
Using a probabilistic model helps us focus on more extreme events, and ways to optimize our portfolio. The probabilistic loss is shown based on a 1-in-250-year event, and this is consistent with the return period used to manage natural catastrophe risk. As you can see, in this slide, the cyber 1-in-250 net loss is currently $461 million. This follows model updates made during the year, and the reinsurance changes I previously explained. This $461 million compares to the most recently disclosed dollar amount of $651 million net in our 2023 year-end report and accounts. As part of the model validation, the internal model is compared to other models on a regular basis.
In the right-hand box, we show the total cyber risk included in our internal model, compared to the CyberCube model, which is one of the leading external vendor models. What we show here is a comparison of the two models at a range of return periods, and we show this on a gross basis to avoid reinsurance effects. As we can see, the curves broadly converge at the 1-in-250 return period, and this means we are capitalized to risk that is consistent with external models. Greater convergence of independent model outputs reflect, I think, a growing consensus about what tail risk looks like in cyber, providing a proof point that cyber risk can be modeled, and that there can be an appropriate level of confidence in those model outputs.
It's Paul again here, and just one thing that I wanted to comment on, on this slide is, from when we updated you a year ago, I think we've been on an incredible journey, as you can see, with what we've done both in the reinsurance and the ILS space, but also how we continue to evolve the modeling here at Beazley. I think it's a little. It's quite important that we just talk to you a little bit about that journey that we're clearly on. Over time, we will absolutely consider reviewing our 1-i n- 250 risk appetite, and we will bring down the 1- in- 250, like we have, provided the risk reward makes sense, the cost of the protection that we can achieve is stable, then we'll continue to hedge and keep our risk low.
If the risk reward doesn't make sense, then we will do what we've done previously. We will write less, and bring down the risk in that way. If the risk reward remains good, but we're not able to efficiently hedge in the way we have been in the last year, we may increase risk, and therefore, the 1-in-250 may grow. So we are not signaling that the 1-in-250 is going to continue to come down. It may come down, it may go up, depending on the variables, the risk reward, the availability of capital, and importantly, at the right terms. We are anticipating that we are roughly 12-24 months away from being able to show you the 1-in-250 appetite, as a percentage of shareholder equity.
Again, this is gonna depend on continued and consistent access to protection, so we can hedge at scale. But that is the journey that we're currently on. Over time, we may show you more points from the curve, and the evolved information is shared externally, the way property does this in our thinking. For example, they have a 1-in- 10 AEP that you also see. I think the really important point is, we're on a journey. There are some factors that will influence that journey, but we're committed to continuing to share as we go.
That's brilliant. Thank you, Paul. So finally, in this section, I wanted just to remind everyone that we continue to utilize and evolve our RDS suite. RDS stands for Realistic Disaster Scenario, and these are the scenarios representing plausible high loss events, which allow us to test a specific cyber scenario against our portfolio, to identify and measure aggregation risk. And here in this slide, we set out some examples of scenarios we consider. The RDSs remain very important to our management of systemic cyber risk, because we always must contemplate the latest technical expertise and views of potential cyber scenarios in our own thinking. And with that, I will hand back to Paul.
Thanks, Aidan. Just going to spend the last couple of minutes talking to you about some of our outperformance. We move to the next one. What you can see from this chart is it hopefully demonstrates to you everything that we've been talking about, and how everything we have in place at Beazley really does help us deliver lower loss ratios and outperform the rest of the market. That is something that we take very seriously, and we think about every day. We showed you a chart similar to this a few years ago, and the source is the same. So in terms of drawing consistency, we've done that. These loss ratios are incurred reported loss ratios on an underwriting year basis, and therefore, the younger years, which are less mature, will still develop.
And what we typically see over time is that we realize our position on these younger years much earlier, given the primary nature of our business, given how close we are to the claims, and you typically see the gap between us and the market widen over time. This shows you, as we've said before, how the early years performed from 2016 - 2019 with our performance. 2020 was our most challenging year with ransomware coming in, and then after the corrective action, you can see that 2021, 2022, 2023, and I hope 2024, will continue in the same vein, and you can start to see that outperformance again. Moving on to the cyber outlook. We are definitely in, as we said earlier, a continued area of accelerating risk, which is going to see demand growth.
That is not a question, but it's also gonna need continued investment in underwriting, claims, threat, and services expertise. We have to have an agile business that's always on. We have to use risk management, and Full Spectrum Cyber and Beazley Security are two very substantial investments that we made in the past 18, 24 months to ensure that we keep doing that and evolve the business here. Having a diverse and balanced book, as Aidan said, is one of the frontline defenses, not just to systemic, but to all risks that the cyber market faces. Market-leading capacity reinsurance programs, we've been innovating. It's been fantastic to do this. It's the start of the journey. But that is not just about us.
We're doing this because for the market to provide the solutions, we need more of these things to be accessible to everybody, and that is a journey we're committed to go on, and as you can see, we continue to make great strides. Hopefully, you can see from this just how much systemic risk is being actively managed. We treat our limits and our aggregation extremely importantly. We use them wisely, we optimize, and we build that into our DNA and underwriting culture that we have in the team. Risk management is reflected in the core, and events such as CrowdStrike has hopefully showed you how, as a market leader, we're able to communicate early and clearly with you, and continued long outturn performance as a market leader is how we want to set up the business here at Beazley.
With that, I will hand it back to Barbara, who is going to help with the Q&A.
Yes. I think, actually, we have the moderator helping us on the Q&A. Thank you very much, Paul and Aidan.
Thank you. Ladies and gentlemen, if you wish to ask a question at this time, please signal by pressing star one on your telephone keypad, and please make sure the mute function on your phone is switched off to allow your signal to reach our equipment. Again, it is star one to ask a question. The first question comes from Kamran Hossain from J.P. Morgan. Please go ahead.
Hi, team, thanks for the presentation. Two questions that I was kind of interested in. In terms of the pricing message you're giving, and I think end of August, you said pricing down -6 , at the half year, you were saying something similar, why hasn't pricing reacted to CrowdStrike? Just interested in that, and also if pricing maybe hasn't reacted, how about demand? So has there been an uptick there? The second question is on growth.
Y ou've outlined kind of very exciting opportunities for growth at the industry level. I think the market hitting $40 billion. D o you think you're able to participate in that growth? What are the restrictions within the business as a whole? And I guess, Paul, you've got a new hat on today as Group CUO. I f cyber is gonna grow to $40 billion, and it's currently at a much smaller market, how does that play out within the balance of the group? So any thoughts on those two or on the two and a half would be great. Thank you.
Great. I'll take the first one. You're right, the rate has gone -6 , -6 , and CrowdStrike is currently estimated, from everything that we're hearing and reading, to be roughly a $1 billion event. It's probably not enough to drive the change that people were perhaps anticipating in the cyber market, so that's not unsurprising to us. It has definitely, in your second part of that first question, it's definitely led to more demand. I think where CrowdStrike is having the greatest impact in the market is people thinking through the coverage. How to provide coverage for malicious and non-malicious events? Should there be sub-limits? What should waiting periods be?
I think those sorts of actions and sort of underwriting changes take a little bit longer to flow into the market, if we were to see any changes from carriers, than perhaps pricing. For us, looking at CrowdStrike and the impact and the forward impact, it's definitely driving demand, particularly outside the U.S. in the large cap and middle market space, but it's going to be more around coverage and making sure you're managing how you're giving that cover and the systemic risk that it can present.
Yes, and, if I should take the growth and our potential participation of that, I believe, Kamran, that we have a good outset with the structure that we have across our group. We always look at capital allocation and where we have growth opportunities. And as Aidan was also explaining, the possibilities we have in order to manage the exposures that we have with the reinsurance and the different bonds and ILWs that we have, we believe that that gives us a good outset to participate in the future growth. Bear in mind also that we are strengthening the positioning that we have across the European markets and therefore will be able to also accommodate some of the growth that we foresee in those areas.
And just to add on to that, Kamran, from a the cyber business standpoint, and like you said, with my slightly new add on, we don't sit there at the start of the year thinking, "How much are we going to grow our cyber?" We look at: What's the risk? What's the reward? Where is the best place to focus to do that? And as Aidan and Barbara said, can we get solutions that help us , hedge that risk and buy the reinsurance we need? And what we grow and how big we get to will be a function of all those things.
Thanks, both. Thanks, Barbara.
We'll now move to our next question from Ivan Bokhmat from Barclays. Please go ahead.
Hi, good morning. Good afternoon. Thank you very much for the question. One question I wanted to follow up on what we just discussed about the CrowdStrike impact, and just wondering how much of a loss do you think would have been needed for the prices to start accelerating? And maybe to expand a little bit on that, we now see that the market is becoming a lot more developed. I think more reinsurers are engaged in it. There are externally validated models. So it's clear that the cyber risk is no longer as alien to the reinsurers as it once used to be.
Do you think that there's a risk that it also will become a bit more cyclical in the same way as the rest of the, let's say, property cat market is? 'Cause over there, the prices, of course, are starting to slide a bit. Isn't there a risk that this process may continue to drag cyber prices down next year as well, and that's therefore pricing will be a headwind to your future growth?
Just on the first question, I didn't quite catch it. It was a little bit muffled, the first one.
Sorry, I can repeat that in maybe simple way. You're saying $1 billion was not enough to move the cyber market. How much of an event would have been necessary for prices to go up, you think?
Sure. Got you, got you. Thank you. Yes, I did say that on $1 billion. I think the early ranges of somewhere in the $4 billion-$9 billion, I think we would have been looking at a market that would have been moving substantially. But I also think it depends what else is happening at the same time. Now, what we do know has been happening for many others, and we haven't seen this at Beazley, is the frequency of events outside of systemic events like CrowdStrike, has been on the rise, for the past year. And so it's a combination of how big would that systemic event need to be, plus the increase in frequency, plus the rate reductions you've seen.
So I think it's a function of more than just one lever and one loss, but for me, if those initial ranges had been accurate, then we would have seen that. Your second question is a good one because there are a lot of synergies between the property cat market and the cyber cat market, and that's something we spend a lot of time thinking about. It could become more like a property market, and I think we've said that about the cyber market, that it's a short tail gross business, and whether there's cats in any given year may well influence what happens to that market the next year.
We're not seeing that anywhere near to the same extent as property yet, and I think the reason being is that there have been more hurricanes in property than there have been in cyber, for one point. And that means there's a low confidence growing in the models and the ability to model the tail risk, and you're right, it's no longer seen as the alien, as you said. What we are seeing is more confidence growing, but I don't think very quickly we're going to get to the space that you mentioned. What could happen is one could start to impact the other in other ways.
For example, if there were many hurricanes in property, that may affect the cat market in general, and a lot of the markets that are riding the cyber cat are big players in the property cat world. But I don't think that you'll see cyber, just right now, rapidly moving to the sort of cycles that you allude to on property.
Thanks.
Thank you. We will now move to our next question from Nick Johnson from Deutsche Numis. Please go ahead.
Thanks very much, and good afternoon, everyone. Three questions, please. Firstly, on U.S. growth, just wondering what you see being the catalyst for the next leg of growth that you're predicting in the U.S. market. It looks like premiums have been pretty flat for several years. Just wondering what you see changing in the U.S. in 2025 and 2026. Secondly, you mentioned increased competition in Europe. Just wondering how that has manifested. Is it a case of price competition, or are you seeing competition around policy coverage and wordings, et cetera? And then lastly, the reduction in the 1-in-250 year number is very substantial. Just keen to understand a bit more of the moving parts.
Is it a case of the reinsurance you've got now has enabled a lower net retention at the bottom? Or is it a case that deeper reinsurance means there's less risk of going out the top of the reinsurance layers? Or i s there a contribution from other factors like model change or risk in the underlying primary portfolio? Thanks.
Hey, no problem. Thank you, so U.S. growth, I think we see certainly in the short term, as you said, there are a couple of growth opportunities. The first is the SME space. It's an area where we now see that the risk/reward is more where it would need to be for us to be able to continue to grow that business a little bit more than we have in the past. And so we've been doing a lot of work on digitization, how to provide more digital solutions to brokers. We're not talking about going direct to clients here. We're talking about how we can efficiently do that business with our brokers.
And so we're making huge strides with our digital team, through a joint venture, to really start to figure out how we can really automate and drive digitization into the cyber business, 'cause we think that is going to be a big growth area in the next year or two. And the second is, we are seeing, particularly after events like CrowdStrike, a lot of large clients looking for more solutions from Beazley. L ooking to go to the key carriers, to really think about how they're building their programs and look for more and more support. So I think a combination of those two things is where you'll see the U.S. growth coming from. Europe is competitive. On your second question, we expected that.
What typically happens, and I've seen it so many times now, is the U.S. market conditions that we saw 18 months ago then hit Europe a year later, then they'll hit our Asia business. So what we're really seeing is the price competition that we saw in the U.S. previously. Having said that, we feel very good about our book. We feel very good about the price adequacy and our ability to respond. It's certainly not, from what I see, coverage. It is a pure price-driven end. A t the end of a hard market, I guess with any line of business, that is what you start to see as the market leader, we have a lot of clients. We have a lot of great relationships.
We have long-term relationships. We have a lot of tools and things that enable us to to hopefully outperform, as we always have done, on rate. And then, your last question on the 1-in-250 and the movement, there are some moving parts in there. The detail that I can give you is that the model change would've increased the number and definitely not brought it down, and the reinsurance additional purchases that we gave through the bond and the RW would've brought it down. And so it's a combination of those two things.
Super. Thank you. Thanks very much. Thanks.
Thank you. We'll now move to our next question from Will Hardcastle from UBS. Please go ahead.
Hey, thanks for taking the question. Congratulations, Paul, as well today, and thanks for a really great presentation. Look, in terms of just trying to understand how the reinsurance kicks in, I know you said you'll help us in the future with that sort of frequency-type line. I'm just trying to understand where your new reinsurance protection is. Is that sort of coming in at 1-in-50 , 1-in-100 ? I guess you've given those data points to the cat bond investors, so that would be helpful. And just also then, around that 1-in-250 level, it's obviously the reinsurance that's helping that. Are you able to provide help with us on what sort of capital benefit that gives as well? Thanks.
On the first question, where the reinsurance protection kicks in, there's not details there that I can provide you, but you're right. The bottom of the reinsurance program would kick in below the 1-in-250, because obviously the loss would be smaller, but it would kick in below the 1-in-250. We will, as we go through this journey, start to disclose more around other return periods, but for now you are right that tower could kick in down at the lower levels. In terms of capital.
Yeah. I think, at this point in time, what we'll say, Will, is, it's relatively marginal. And obviously, when we come out with the IMS for the Q3, we will give you additional updates.
Thanks.
Thank you. As a reminder, to ask a question, please signal by pressing star one. And we will now take our next question from Abid Hussain from Panmure Liberum. Please go ahead.
Oh, hi, good afternoon, everyone. I've got two questions, please. The first one is on people and growth, really. I'm just trying to understand what do you need to capture the growth that's in front of you? It looks like, obviously, a very large opportunity in front of you. Do you have the right people? Do you need to add more people? And then on the distribution side, can you just talk a little bit about the distribution? I think you touched upon the fact that you're trying to digitalize your approach to the SMEs. Just a bit more color in terms of how do you actually hoover up the opportunity, please. And then secondly, the question is on your cyber threat monitoring.
Just wondering if, given that's working really well, if there's an opportunity to perhaps license that cyber threat monitoring service as a standalone service, perhaps as a, some sort of subscription model. Just wondering what your thoughts are on that.
Great couple of questions. Thank you. On the people and the growth side, and what we need, yes, to do SME well, we absolutely need automation, and we're making those investments both in the systems that we have here, but also how we interact with our brokers, things like APIs, digital trading, but also building those things that we still underwrite and price, and all of the things from Beazley. And that's incredibly important to us, that we maintain that control of our own destiny. In terms of people, it's a great question. We've grown the team a lot, and I showed the slide. It's getting really big, and that's without the without the service people in.
I think the mantra that we have here is, what we are looking for going forward is we will need more people, but we are doing a lot of things to make sure that we're bringing talent through. We have graduate programs. We have graduate schemes. We help with universities that run challenges on cyber, 'cause what we're very focused on is bringing through more talent. I think what we have here is a great team that could make anybody a cyber expert, right? But what we really need is good people. So really what we're focused on is finding good people and bringing them in. And when we need to augment that with cybersecurity talent, the good news about the cybersecurity industry is that that's growing, that's booming, and more and more people are looking to come into that.
So in terms of the talent and the people that we need, I feel really good. Distribution we distribute our products through our brokers, and we are fortunate to have tremendous trading relationship with all of our key partners. And again, they are organized very much like we are globally. If you look at a lot of our key brokers, they are distributing through global teams that are now set up on cyber globally, and we have relationships with them both on a global basis, but also incredibly important, on a local basis, so in the U.S., in Europe, in the individual countries, we have teams there. We are operating out of our main hubs distribution-wise, so North America, and the offices that we have spread across North America, Canada, and we have our cyber underwriters there.
In Europe, we are. We have a team in Paris. We have a team in Barcelona and Munich. We have a team in Asia. So we really are putting all of the underwriters into the key locations and the Beazley hubs that we have. The other thing that's incredibly important is where we are also distributing is through our services, 'cause there's no point having the underwriters there if you're not going to have the services and all of the things that a client needs. So we're spending a lot of time making sure that we have all of those expertise in the local offices, in local languages. T hat's the other thing. We're constantly training in local languages with all of our key partners and our clients.
So the distribution is a little bit more white glove as you get to the middle market, and then very white glove as you get to large accounts. We're making sure that we set up our team appropriately around that. Having people that think around the SME and the lower middle market, and how we drive that digitization, and how we drive that opportunity, but have underwriters that are focused more on large accounts, meeting large accounts, building those long-term relationships. We generally do more than one line of business than just cyber with them across Beazley, which is fantastic. We've had a lot of great success with cyber clients becoming property clients in the last two years.
So we just have different parts of the team that are focused on different market segments and making sure that we work very closely with our distribution partners. And then lastly, on the Cyber Council, great question. The best thing about this council is the information we get, and I completely understand why a lot of them want that to remain secret and people to not know who they are. But we are thinking about ways that we can share the insights, the intel with our clients, with our team, with perhaps some other key partners. So that is something we're constantly thinking about. They actually put a few pieces out recently on some of the threats and actually thinking around the impact for D&O, and directors and officers, that the cyber threats bring in.
So we are constantly thinking that through, and I think we've deliberately been in the shadows, to want to use a bit of a James Bond term, for the last couple years, and we are thinking more around how we evolve that and share some of the messaging and the great insights that we get.
Great, thanks. Thanks for that.
Thank you. Yeah, so, we will now take our next question from Derald Goh from RBC. Please go ahead.
Hey. Hey, good afternoon, everyone. I've got three questions, please. The first one, could you maybe share thinking behind how you set your line size? So you've got an average of $1.9 million. How do you arrive at that figure? And as you grow, based on your current plans, will that average line size go up or down? And maybe if you could also share, what is your current maximum line size? That's question one. Question two, could you maybe speak to around diversification? I know you shared a few details, but there's just market perception that within cyber there isn't a diversification per se, right? Because you only have a handful of operating system and cloud providers. So how do you go about assessing that?
And the third one, I guess, you showed your reinsurance structure. That's really helpful. I'm just a bit surprised that you have more protection from alternative capital providers than traditional ones. Why is that? What, or I guess, asked differently, what does it take for your traditional reinsurance partners to take on more cyber risk? Thank you.
Thank you. Great three questions. How do we set our line size? Again, that's an annual review, constant review of looking at the risk reward, the market conditions, the available rate, the frequency, the severity, and the threats. It is definitely lower than people expect, and it does move over time. I'll give you one example. When we were building the business, it was higher because large accounts tend to buy first in a country as demand emerges. And so your average limit is higher to begin with because larger clients are buying bigger limits. And then as middle market and SME comes online, you see that come down because the limits are much lower. The maximum line size we have, which anyone sees, is $50 million.
A nd it is deployed very, very wisely and very carefully on a select number of accounts. And what you will find is, in the SME space clients looking for potentially hundreds of thousands in limit all the way maybe to a million or two. Middle market starts to kick in at the $2 million, maybe to the $5 million. You might see some larger middle-market companies buying $10 million limits. And then obviously, large accounts could be anywhere from that $10 million-$25 million space is typically what you'd find. But bear in mind, that's just for our participation.
What a lot of these clients are doing with their brokers is building a program of $several hundred million, and we are likely the primary or the first excess insurer, and we typically are low on the programs in those positions because of the benefits that we can bring, how we can bring our underwriting, claims, and services expertise to the front. On diversification, I see you asked the question from another way. How do we look at diversification from the threats and the operating systems that. And you're right, there are probably 10 -1 5, 20 companies out there that can really present that systemic threat, and Aidan named a couple of the scenarios that they could look like when he was talking, like the cloud outage, for example.
And so we carefully think about that, but then what you also have to think about in diversification is, actually, if that cloud outage was to happen, you would see different things happening in the SME space for the middle market to the large account. You would see different resiliencies, different backups, different speed of recovery, different impacts, and revenue loss would be impacting each of them differently. It's not all everyone has a disaster at the same time, and I think so understanding the detail that goes into these scenarios is incredibly important. And just to pick on the cloud one a little bit further, I know we've been talking about this for a long time. Everyone says, "Oh, the cloud, the cloud goes out." It doesn't necessarily go out everywhere around the globe. Maybe a European part of the cloud goes down.
Maybe it's North America, but North America is divided with a lot of the cloud providers into six different clouds. Maybe it's in Asia. So again, that diversification, both through SME, middle market, and large, plays through in all of those scenarios. And in some of the scenarios, you find cloud providers that are more SME clients focused. Some that are more large account focused. So again, that's something you saw with CrowdStrike, which is a great example to show that. CrowdStrike was a global issue. It was detected first in Australia and in Asia. That meant that the rest of the world saw it coming a little bit and could be a little bit more resilient and ready for it.
But what you also saw with CrowdStrike is it was predominantly a large account issue, because if you look at the company, and you look at their website, and you look at the publicly available information, you'll see that they really do focus and specialize in the large account space. The third question, which was around the bond and the ILW having more alternative than traditional, that's right, and that's why we went on this journey. We said at some point, the traditional reinsurance market was going to start to not be able to continue to provide the solutions in totality that the cyber market needs. That's something we saw perhaps a couple of years ago, particularly during the hard market. You heard about some traditional reinsurers starting to optimize more rather than provide more capacity.
When you look at the property market, a lot of that cap protection and a lot of that, the big cap protection comes from the, comes from the alternative capital space, and we've been working very hard to, to develop those relationships. The only comment I would make is that when you were to look at our ILW, and we're not going to disclose the names, actually 90%, 80% of the ILW is from the traditional reinsurance names that you would know. So I think it's perhaps those traditional reinsurance names don't write the bonds as much, but they do in the ILW space. So I think it's just a natural evolution of the market, probably akin to what the property went on many moons ago.
Thank you very much.
Thank you. Our next question comes from Shant Kant from Bank of America. Go ahead.
Hi, thanks for taking my question, and, congratulations, Paul. So I was just curious about your appetite for growing market share. So it says you're around 10% of the global market at the moment, and I was just wondering how hard you would push to secure more market share in future. And then my second question is just around the cyber exposure as part of the total book. So it's currently around 20%, of your total portfolio, and I was wondering if you, expect to materially deviate from that in the near term. Thank you.
Thank you, and thank you for that. On the market share, I'll take that one. We haven't sat here over the last sort of 15 years thinking about what we want our market share to be or what we want it to be next year or focused on that, because I think that's the wrong thing to do. We sit here thinking about where can we grow, can we grow profitably, where can we grow, where we can deliver all of our benefits, where we can deliver the services? So I think as long as you see the market continue to grow, as long as we can get the risk reward that we need, as long as we can do it safely and profitably and support our clients, you will see us grow.
If that means we could grow our market share in certain segments, certain parts of the side market, then we'll absolutely do that. If there's a moment to retrench, like we did previously, because we had to in 2020 because of ransomware, I mean, that was a cultural shift to see to talk to a cyber team around shedding 50% of our policies in one year. That was a huge cultural shift.
And so I think you can assume that it's our market share we'd, of course, we'd love, love to keep it where it is, but we'll grow it where we can, and if we need to reduce it in certain spots, we will do that, based on risk reward, based on the market conditions, based on how to responsibly keep evolving and growing the cyber market. Yeah.
Yeah, and I think on the percentage in terms of our total business, obviously, as a group in Beazley, we like to have a diversified portfolio of products and lines of businesses. I think what you've seen in the past is, at one point, we were as high as 25% in cyber of the total. So I think we can manage that across the total book. We're quite comfortable with the 20% that we have today, and again, as opportunities evolve, and where we sort of want to put up our own balance sheet, as opposed to using third-party capital, is what we will manage and pay attention to going forward.
You shouldn't see, like, a massive change, but you can see variations around the 20%.
That's great. Thank you.
Thank you. We will now move to our next question from James Pearce from Jefferies. Please go ahead.
Oh, yeah. Hi, guys. Thanks for taking my questions. So the first one is on the ILS market. So, I mean, it sounds like the ILS market specifically will be important in locking, in unlocking the growth opportunity that you spoke about on slide seven. What do you think needs to happen for the cyber ILS market to really take off? And do you think that's gonna be quite a crucial catalyst for future growth? Second question, again, is on the forecast on slide seven, and I was interested that you said it was rate agnostic. You said that there might have been a bit of an overshoot on pricing.
I know there was a bit of pressure, rate pressure this year, but if you look at the loss ratios in recent years on slide 24, I'm just wondering whether you think the current level of pricing is sustainable over the long term, and then, I guess just as a point of clarification, again, how should we interpret that loss ratio chart on slide 24? Is that just based on reported claims, so doesn't include IBNR, for example? Apologies if you mentioned that, and I missed it.
N o problem. Thank you. Yes, I think ILS is key to unlocking growth, and it's key to unlocking growth to be able to keep providing the solutions in terms of providing the limits and the coverage for systemic cyber moving forward. The ILS market is going to be key for that, and it's gonna be crucial. I think it's happening, right? And so I'm not worried that it's not happening. The confidence is growing. The investors that are interested are growing. It's taking time, and all the investors in that space have said, "We need time to educate our funds.
We need time to go through a lot of the education process." But just by the sheer fact that we can build the amount of limit that we've currently been building and start to do that gives me confidence that it's happening, and we're already hearing about that there could be lots more of these coming to the market in the coming year or two from other insurers, which I think is incredibly exciting. The key is, A, the relationships and ultimately confidence. T hey want confidence in your business, confidence in your underwriting, confidence in the way you manage systemic risk, and you're thinking about systemic risk and how you're deploying it, and the education process.
And I think a lot of the heavy lifting now is starting to be behind us, and as you see the models, we're all looking at things in very different ways and converging to the same place. People are now really talking more and more about these, and so I think it's crucial, but I think it's happening, and I think that's incredibly exciting, and I certainly couldn't have given you that answer two years ago. In terms of the rate agnostic and is the pricing sustainable, we feel the book is certainly at Beazley rate adequate from the threats and the frequency and everything we see today. But if the threats evolve and change, we've always said then the market will need to do the same.
And so I think it's more about where the threat's going. Now, there's nothing that I can see on the horizon, but then threats can come from anywhere. If there was another CrowdStrike that was substantially bigger, if there was something more malicious, like a CrowdStrike that ended up being more malicious, that would be a very different threat. So for me, the critical question on the pricing being sustainable is all around where the cyber threats go. And if frequency continues to rise in the market, again, we're not seeing that yet, but if that starts to happen, that is what happened in 2019 and 2020 to a lot of people, and so we will see what that means from a rating standpoint. The loss ratio chart does not include IBNR.
They are years of account, so they're not calendar years. They're years of account in terms of underwriting, and they are the incurred. So these will develop over time, and the point I was making is typically what we see when we're able to outperform the market is, because we're primary, we get certainty on our incurred and perhaps our ultimate position much faster, and you'll start to see that the pink dot and the purple dot. I've got my contacts in, but the pink dot and the purple dot will move further apart because we reach that confidence level when we tend to see, when we're outperforming the market, drift away from the pink dot a little bit, if that's useful.
Helpful. Thank you.
Thank you. We'll now take our next question from Darius Satkauskas from KBW. Please go ahead.
Hi. Thank you for the presentation. So the first question is that there seems to be a lot of focus on the 6% rate reduction today, whilst you sort of highlight that the business is price adequate. If you assume that the things will remain, how you sort of modeled it, could you help us gauge how much the rates could actually decline from here before we start approaching price inadequacy? And then the second question is, if I'm correct, I think you've been holding on to your cyber cat margins from the last sort of few years. Are you now reaching enough development to start releasing it either this year or the next, or how much longer do you think we have to wait for that? Thank you.
Thank you. On the first question, the -6 feels fairly stable. We are definitely seeing the market stabilize a bit after post-CrowdStrike, which is unsurprising. We're certainly not seeing increases, but we've definitely seen a what we would call some stabilization. All I can say to you i we feel we're price adequate, and if we see threats or anything to suggest that the book would not be, we will adjust, and we will obviously take action on that. But right now, it's very hard to give you an answer to that question, because the amount of price adequacy will depend on that threat and how severe it is and what that means.
In terms of, I think your second question was around, that we've obviously talked about the cat margin that we hold, for cyber previously, and just like property cat, we have a release pattern for releasing that cat margin, that we go through on an annual basis, and that works the same as you would expect with property cats, although noting cyber is less cyclical, in nature, and a cyber threat can happen at any point during the year, so perhaps the patterns look slightly different.
Thank you. We will now move to our next question from Will Hardcastle from UBS. Please go ahead. Will Hardcastle, please go ahead with your question.
Sorry, that'll teach me for being on mute, won't it? Two questions, if that's okay. Just thinking on CrowdStrike, I guess that this, the main impact of this only lasted a day or so, and obviously, timings have helped the industry. I guess, is there any way or data that you can provide, that let's say, this had lasted a week, or so, what the industry loss might have been? Has any models been published on that? And then the second one is, I guess, who's winning the generative AI battle presently? It seems like insurers and maybe risk prevention currently, but where does gen AI sit on your list of biggest risks in the near term? Thanks.
Great. Thank you. On CrowdStrike, you're right, it was only a day or so. I've seen lots of market predictions on what that could have cost for modeling and so forth, if it had gone on for longer. I think it's very difficult to for me to sort of give a an answer on that, because I think I'll leave that to the modeling firms. But also, if it had been more malicious, what would it have been that had been more malicious? And so there's a lot of what ifs to that question . It could have been something more malicious and less more hacking in nature, that actually had a reasonably quick fix deployed.
It could have been something that didn't have a fix deployed. So I think what you probably will see, Will, in the coming months, is perhaps some of the independent modeling firms start to form a view on that, and it'll be interesting to see what they say. That said, it was well within the sort of scenarios that we plan for, and we do have scenarios that are much more severe than this, that feed the probabilistic modeling, and so on and so forth. On AI, it's a great one. We spend a lot of time thinking about this. W hat we have seen is that it's proving great defense at the minute, and that the cyber threat seems to be something that's being managed through that defense right now.
I can tell you that one of the things we deliberately did in the last year is we created a subset of our Cyber Council with a few experts on AI, and actually supplemented that with some AI experts, so that we're constantly thinking about it, because as you've seen, and as we've all read, the AI landscape seems to change weekly or monthly at the moment. And so we have a dedicated group that's looking at that, giving us the intel. But right now, we still feel the same as we've always said to you about that, that the defense it's providing it seems to be outweighing the offense. We haven't seen any of our clients suffer a massive AI attack or cyber attack of any description.
What we have seen AI do is make certain existing cyber threats a little bit more effective, and the best example I can give you of that is phishing emails and phishing campaigns. AI has a great ability to make them. It's to make you fall for them much better and click the link than perhaps a human does when they create these things. So we're seeing it being used for things like that, but that's, that's the most use we've seen so far.
Thanks.
Thank you. And ladies and gentlemen, we have time for one last question today. Phil Ross from BNP Paribas Exane, please go ahead with your question.
Hi, there. Thanks for the presentation. Firstly, can I just clarify on pricing? I may have got this wrong, but I thought the pricing was down more like 10% for half year, judging by the cumulative rate change movement table, and then the chart you've got on the slides as well. Maybe that's on a different basis of calculation for the -6 , but if you could just clarify, that would be helpful. And then secondly, on the 1-in-250 number, I think when you revealed this last year, compared to property Nat Cat, cyber was maybe a 10% bigger number compared to the natural catastrophe 1-in-250 . Can you just give us an idea of how the updated cyber 1-in-250 compares to the latest view on property? Thanks.
On the, I'll take this. Thanks, Phil. I'll take the second question first. I don't have the direct comparison to hand, and we can follow up with that. But what I can tell you is, the property numbers have been pretty stable, and the cyber ones come down. So they've moved closer together on those metrics that we showed you previously. And then on the first question.
Yeah, I think the rate change of the 6% is consistent with how we measure it across the board. And I will maybe say that the 10% is probably on a cumulative basis, so I will suggest that you pick up with Sarah and the IR team afterwards. But it's depending on what is the basis of the way that you measure the rate changes. And as I said, I believe what you're looking at is on a cumulative basis.
Okay, sure. Thank you.
Thanks.
Thank you. With this, I'm going to hand the call back over to Barbara for any additional or closing remarks. Would you mind?
Thank you very much. I will say that we hereby conclude our session on cyber risk today. Thank you very much for dialing in.