Telescope
Telescope

New risks are changing how data centers are insured

Read time: 4 minutes

The fast growth of large data centers to support AI is creating risks that standard insurance was not designed to cover. Hyperscale data centers are large sites built to handle rising AI and cloud computing demands. Because so much activity is concentrated in one place, a single site can carry many serious risks, including cyber incidents, power outages, physical damage and global security threats. As a result, a serious event could cause very large losses, creating too much concentrated exposure for insurers to absorb alone.

At the same time, banks and other lenders usually require full insurance cover before releasing funds. Where full cover is unavailable, projects can stall before construction begins. This has opened a gap in insurance coverage. In response, insurers and brokers are looking at new ways to transfer extreme risk to the capital markets. These approaches are designed to sit alongside traditional insurance and reinsurance rather than replace them.

Hand opening a door

The fast growth of large data centers to support AI is creating risks that standard insurance was not designed to cover. Hyperscale data centers are large sites built to handle rising AI and cloud computing demands. Because so much activity is concentrated in one place, a single site can carry many serious risks, including cyber incidents, power outages, physical damage and global security threats. As a result, a serious event could cause very large losses, creating too much concentrated exposure for insurers to absorb alone.

At the same time, banks and other lenders usually require full insurance cover before releasing funds. Where full cover is unavailable, projects can stall before construction begins. This has opened a gap in insurance coverage. In response, insurers and brokers are looking at new ways to transfer extreme risk to the capital markets. These approaches are designed to sit alongside traditional insurance and reinsurance rather than replace them.

Why does this matter?

The shift matters for many organizations active in this space.

  • Lenders need confidence that catastrophic risk is adequately covered before lending capital.
  • Insurers face hard limits on how much exposure they can hold onto on their balance sheets.
  • Developers and hyperscalers are facing pressure to show that projects are safe enough to finance, while carrying more risk that cannot be insured.
  • Investors, including private equity and institutional capital, are being asked to step in where insurance capacity falls short.

By using alternative capital structures, such as insurance linked securities (ILS), catastrophe bond type arrangements and reinsurance sidecars, insurers are aiming to move the biggest risks to investors. Investors accept these risks in exchange for higher returns and their capital provides the extra insurance cover banks need, so projects can continue.

How is the market responding?

The growing use of alternative capital is not a new approach. Insurers are reusing tools they already use for natural disasters and seeing whether those tools could also work for large data centers. In the past, insurers have relied on third-party capital to help cover very large and rare losses, such as earthquakes or other natural disasters. That capital usually sits alongside traditional reinsurance and helps insurers manage risks that are too big to carry alone. The question now is whether these same methods can work for data centers, which are developing similarly high and concentrated risk profiles. The market is starting to test options including:

  • reinsurance sidecars, to bring in investor money to help cover extreme loss scenarios
  • captives, often used by hyperscalers, to allow companies to insure part of their own risk when outside insurance is too limited or too expensive
  • parametric solutions that pay out when a defined event happens, such as a long power outage, rather than after proving actual loss, making payments faster and more predictable, which can operate on a standalone basis or act as triggers within ILS style structures.

Looking ahead

Regulators around the world are increasingly alert to the importance of data centers, but official frameworks have not kept pace with the insurance implications.

Click the icons for more info.

North America

US

Explore more info from this region

Read more
UK

UK

Explore more info from this region

Read more
Europe

EU

Explore more info from this region

Read more
Middle East and Asia

Middle East & Asia

Explore more info from this region

Read more

Taken together, these developments point to a clear regulatory gap. Data centers are treated as critical assets, but there is still no clear policy on how their risks should be insured. That gap has practical consequences. Without clear regulatory backing, agreed risk sharing frameworks or reliable ways to model potential losses, traditional insurers are likely to respond by tightening policy terms with stricter conditions, restricting cover and requiring that clients bear more risk themselves. At the same time, global instability is making data center risk harder to manage. As data centers are treated as critical infrastructure, relevant risks extend beyond cyber incidents and power outages to include physical damage and global security threats. There is also greater focus on physical damage, disruption to connectivity and risks linked to security issues. These risks (and others) are harder to predict and model, calling for new and creative approaches toward insurance cover.

Authors

Mark Chester

Mark Chester Partner & Co-Head of Data Centres (International)

View profile
Albert Yuen

Albert Yuen Head of Technology, Data & Cyber Security, Asia

View profile
Martin Mankabady

Martin Mankabady Partner

View profile
Kirath Bharya

Kirath Bharya Knowledge Lawyer

View profile

In this edition

In this edition

Data Centre

Spotlight on Germany’s data center build-out—accelerating demand and regulatory pressure

Read time: 4 minutes

Read more
Inside a Data Centre

Data centers are no longer “infrastructure”—they are reshaping industrial M&A

Read time: 4 minutes

Read more
CPU Chip

Navigating EU tech regulation: what data centers must do now to manage risk and rising expectations

Read time: 4 minutes

Read more
Solar Panels on a roof

Power under pressure: what AI data centers need from the next energy era

Read time: 4 minutes

Read more
Building SIte

Making sure the contract fits the asset: construction risk in data centers

Read time: 4 minutes

Read more
Cyber Security

New risks are changing how data centers are insured

Read time: 4 minutes

Read more

Previous page

Next page

Arrow

© Eversheds Sutherland. All rights reserved. Eversheds Sutherland is a global provider of legal and other services operating through various separate and distinct legal entities. Eversheds Sutherland is the name and brand under which the members of Eversheds Sutherland Limited (Eversheds Sutherland (International) LLP and Eversheds Sutherland (US) LLP) and their respective controlled, managed and affiliated firms and the members of Eversheds Sutherland (Europe) Limited (each an "Eversheds Sutherland Entity" and together the "Eversheds Sutherland Entities") provide legal or other services to clients around the world. Eversheds Sutherland Entities are constituted and regulated in accordance with relevant local regulatory and legal requirements and operate in accordance with their locally registered names. The use of the name Eversheds Sutherland, is for description purposes only and does not imply that the Eversheds Sutherland Entities are in a partnership or are part of a global LLP. The responsibility for the provision of services to the client is defined in the terms of engagement between the instructed firm and the client.

Connect with us

linkedin logo
facebook icon
youtube icon