Call For Public-Private Cyber-Catastrophe Reinsurance Scheme In The UK

Public-Private Cyber-Catastrophe

The increasing risks from cyber threat could result in the United Kingdom (and other countries) being exposed to “catastrophic consequences” that could never be covered by existing insurance cover – with single event estimates ranging from between £2 billion to £20 billion ($3 to $30 billion). However, a public-private cyber-catastrophe reinsurance scheme would help the UK cyber-industry flourish by accelerating the much-needed growth of cyber insurance.

According to a newly released report prepared by the London-based Z/Yen Group, cyber-risk has the very real potential to be “the biggest, most systemic risk” ever. In addition to being systemic, it is also financial. And as we move towards “the fabled” Internet of Things (IoT), this risk will grow exponentially. Whether computer outages are caused by power failure, a super solar storm, or cyber-terrorism, the results could result in massive business interruptions and property damage that the insurance industry simply won’t be in a position to cover.

“Our potential nightmares range from destruction of the contents of all freezers, to massive pile-ups of autonomous vehicles, to interference with medical devices implanted in people,” says Stephen Caitlin, Executive deputy chairman of XL Caitlin in the foreword of the report.

While insurance plays a major role when it comes to managing major risks (fire, flood, theft, aviation, shipping, automotive, employer’s liability and so on), the system and global nature of cyber-risk restricts the ability of insurers to manage this risk, he says. While expected by regulators to manage their balance sheets, Insurance Companies acknowledge that these balance sheets simply aren’t big enough to pay for “a true cyber-catastrophe.”

While insurers and reinsurers shouldn’t be afraid to add “real risk” to their balance sheets, if the risk is not “containable” then they aren’t going to be able to honor their promise to pay out, Caitlin maintains.

Following a four-month study

  • Considers and discusses the nature of cyber-risk together with potential cyber-catastrophes, and
  • Recommends a public-private cyber-catastrophe reinsurance scheme for the UK that will help insurers tackle the problems of cyber-risk proactively.

Additionally, it examines a number of reported cyber attacks from 2007 to 2014, in Estonia, Myanmar, Iran, the US, and Germany. It also compares terrorism risk insurance programs in Australia, France, Germany and the UK.

The Real Threat of Cyber Attack

There is no contest that the prosperity of the UK (and other countries) depends on information and communications technology (ICT) in an increasingly cyber-based world. However, as dependence on “cyber” worldwide grows, cyber attacks are becoming more sophisticated, more common, and more damaging.

But as real as cyber-risk is, the extent of cyber-attack and the damage done isn’t known since many victims don’t publicize attacks. In fact, as the report points out, many individuals don’t have any knowledge of daily hacking attempts made on their own computer systems, never mind the infrastructures and utilities that support these systems.

Cyber Risk and Cyber Insurance

While traditional risk management relies on “reasonable estimates of impact and likelihood,” the concept of cyber insurance is limited. There is some cover available in the UK, but there are also cyber attack exclusion clauses. A major problem is that one single cyber event can trigger multiple claims by a number of clients, all of whom have different insurance policies. Similarly, a single cyber event can draw attention to past cyber attacks, and this could trigger multiple claims across multiple underwriters. This aggregation of claims in the event of some sort of cyber-catastrophe would prevent the ability of insurers to underwrite business interruption costs, regular property damage, and third part liability cover (which would include cyber).

A report by the UK Government and Marsh, released in March this year, considered the role of insurance in managing and mitigating the risks of UK cyber security. It found that without reinsurers, insurers find it difficult to write cyber insurance. At the same time, reinsurers need “significant scale” if the pooling effects are going to make reinsurance possible.

As the risks of cyber attack continue to grow at an increasingly rapid rate, the traditional insurance tools (shared learning and risk management) must be grown quickly and deployed the Z/Yen Group report states. Ultimately, cyber-catastrophe reinsurance is essential for business interruption, property damage, and third party liabilities.

The report suggests that a public-private scheme could be new, or it could be implemented as an extension to the existing Pool Re for terrorism. Either way it was improve the cyber resilience of the UK and improve its competitiveness as “an attractive economy to locate cyber business.”

By Penny Swift

Byod.png
The Backup.png
Disaster Plan.png
Cloud For Dummies.png
A.i Robot Brain
The Tesla Bot A few weeks ago Tesla unveiled the latest mad creation spawned from the head of Elon Musk at their most recent AI conference. Previous greatest hits include “why can't we reuse our ...
Jen Klostermann
The Fintech Landscape The Nitty Gritty Although the COVID-19 pandemic has highlighted its existence, most of us have been using fintech in some form or another for quite some time. It’s a big part of ...
Ronald van Loon
Choosing The Right Data Career Path I am a firm believer that data is shaping the world around us and so I constantly strive to drive awareness about the value of data and how it ...
Rahul
Cloud Foundry vs Kubernetes Cloud platforms and technologies allow developers and software engineers to build and deploy systems, applications, and services that can be accessed from anywhere across the globe and ones that can scale ...
Gary Bernstein
Using Data to Gain Advantages Data collection is now omnipresent in every sector of the global economy. Several aspects of modern economic activity would not be possible without it, just as it would not be ...