Call For Public-Private Cyber-Catastrophe Reinsurance Scheme In The UK

Public-Private Cyber-Catastrophe

The increasing risks from cyber threat could result in the United Kingdom (and other countries) being exposed to “catastrophic consequences” that could never be covered by existing insurance cover – with single event estimates ranging from between £2 billion to £20 billion ($3 to $30 billion). However, a public-private cyber-catastrophe reinsurance scheme would help the UK cyber-industry flourish by accelerating the much-needed growth of cyber insurance.

According to a newly released report prepared by the London-based Z/Yen Group, cyber-risk has the very real potential to be “the biggest, most systemic risk” ever. In addition to being systemic, it is also financial. And as we move towards “the fabled” Internet of Things (IoT), this risk will grow exponentially. Whether computer outages are caused by power failure, a super solar storm, or cyber-terrorism, the results could result in massive business interruptions and property damage that the insurance industry simply won’t be in a position to cover.

“Our potential nightmares range from destruction of the contents of all freezers, to massive pile-ups of autonomous vehicles, to interference with medical devices implanted in people,” says Stephen Caitlin, Executive deputy chairman of XL Caitlin in the foreword of the report.

While insurance plays a major role when it comes to managing major risks (fire, flood, theft, aviation, shipping, automotive, employer’s liability and so on), the system and global nature of cyber-risk restricts the ability of insurers to manage this risk, he says. While expected by regulators to manage their balance sheets, Insurance Companies acknowledge that these balance sheets simply aren’t big enough to pay for “a true cyber-catastrophe.”

While insurers and reinsurers shouldn’t be afraid to add “real risk” to their balance sheets, if the risk is not “containable” then they aren’t going to be able to honor their promise to pay out, Caitlin maintains.

Following a four-month study

  • Considers and discusses the nature of cyber-risk together with potential cyber-catastrophes, and
  • Recommends a public-private cyber-catastrophe reinsurance scheme for the UK that will help insurers tackle the problems of cyber-risk proactively.

Additionally, it examines a number of reported cyber attacks from 2007 to 2014, in Estonia, Myanmar, Iran, the US, and Germany. It also compares terrorism risk insurance programs in Australia, France, Germany and the UK.

The Real Threat of Cyber Attack

There is no contest that the prosperity of the UK (and other countries) depends on information and communications technology (ICT) in an increasingly cyber-based world. However, as dependence on “cyber” worldwide grows, cyber attacks are becoming more sophisticated, more common, and more damaging.

But as real as cyber-risk is, the extent of cyber-attack and the damage done isn’t known since many victims don’t publicize attacks. In fact, as the report points out, many individuals don’t have any knowledge of daily hacking attempts made on their own computer systems, never mind the infrastructures and utilities that support these systems.

Cyber Risk and Cyber Insurance

While traditional risk management relies on “reasonable estimates of impact and likelihood,” the concept of cyber insurance is limited. There is some cover available in the UK, but there are also cyber attack exclusion clauses. A major problem is that one single cyber event can trigger multiple claims by a number of clients, all of whom have different insurance policies. Similarly, a single cyber event can draw attention to past cyber attacks, and this could trigger multiple claims across multiple underwriters. This aggregation of claims in the event of some sort of cyber-catastrophe would prevent the ability of insurers to underwrite business interruption costs, regular property damage, and third part liability cover (which would include cyber).

A report by the UK Government and Marsh, released in March this year, considered the role of insurance in managing and mitigating the risks of UK cyber security. It found that without reinsurers, insurers find it difficult to write cyber insurance. At the same time, reinsurers need “significant scale” if the pooling effects are going to make reinsurance possible.

As the risks of cyber attack continue to grow at an increasingly rapid rate, the traditional insurance tools (shared learning and risk management) must be grown quickly and deployed the Z/Yen Group report states. Ultimately, cyber-catastrophe reinsurance is essential for business interruption, property damage, and third party liabilities.

The report suggests that a public-private scheme could be new, or it could be implemented as an extension to the existing Pool Re for terrorism. Either way it was improve the cyber resilience of the UK and improve its competitiveness as “an attractive economy to locate cyber business.”

By Penny Swift

Gary Taylor

Addressing 5 Key Risks for the Hybrid Worker

Hybrid Worker Risks Organizations are under pressure to secure their remote workers, but they are also worried about the potential impact on user experience. Can they have it both ways without compromise? The pandemic has ...
Gary Taylor

6 Organizational Challenges for Cloud Services

Cloud Service Challenges Organizations have rapidly come to the realization that digital cloud services make a compelling business case for helping them navigate this difficult pandemic year. The market for cloud services is expected to ...
Alex Tkatch

Dare to Innovate: 3 Best Practices for Designing and Executing a New Product Launch

Best Practices for Designing and Executing a Product Launch Nothing in entrepreneurial life is more exciting, frustrating, time-consuming and uncertain than launching a new product. Creating something new and different can be exhilarating, assuming everything ...
Bruce Guptill

How CFOs and CIOs See Finance Management Priorities

Cloud and the Finance-IT Effectiveness Gap IT leaders today tend to be much better aligned with business and operational leaders and business goals than they were just five years ago. Unfortunately, they are still not ...
Meta Data

Data-Driven PPC and The Benefits Of Drilling Down On The Data

Drilling Down On Big Data Running a pay per click campaign for your business, which isn’t driven by detailed metrics, offers no more than the hit-and-hope approach which a billboard in the 80’s may have ...
Gary Bernstein

5 Popular Telemedicine Software Services

Telemedicine Software Since the beginning of the Covid-19 pandemic, telemedicine software services have become extremely popular, and every day more people are using this service instead of going to hospitals and emergency departments as they ...