Call For Public-Private Cyber-Catastrophe Reinsurance Scheme In The UK

Public-Private Cyber-Catastrophe

The increasing risks from cyber threat could result in the United Kingdom (and other countries) being exposed to “catastrophic consequences” that could never be covered by existing insurance cover – with single event estimates ranging from between £2 billion to £20 billion ($3 to $30 billion). However, a public-private cyber-catastrophe reinsurance scheme would help the UK cyber-industry flourish by accelerating the much-needed growth of cyber insurance.

According to a newly released report prepared by the London-based Z/Yen Group, cyber-risk has the very real potential to be “the biggest, most systemic risk” ever. In addition to being systemic, it is also financial. And as we move towards “the fabled” Internet of Things (IoT), this risk will grow exponentially. Whether computer outages are caused by power failure, a super solar storm, or cyber-terrorism, the results could result in massive business interruptions and property damage that the insurance industry simply won’t be in a position to cover.

“Our potential nightmares range from destruction of the contents of all freezers, to massive pile-ups of autonomous vehicles, to interference with medical devices implanted in people,” says Stephen Caitlin, Executive deputy chairman of XL Caitlin in the foreword of the report.

While insurance plays a major role when it comes to managing major risks (fire, flood, theft, aviation, shipping, automotive, employer’s liability and so on), the system and global nature of cyber-risk restricts the ability of insurers to manage this risk, he says. While expected by regulators to manage their balance sheets, Insurance Companies acknowledge that these balance sheets simply aren’t big enough to pay for “a true cyber-catastrophe.”

While insurers and reinsurers shouldn’t be afraid to add “real risk” to their balance sheets, if the risk is not “containable” then they aren’t going to be able to honor their promise to pay out, Caitlin maintains.

Following a four-month study

  • Considers and discusses the nature of cyber-risk together with potential cyber-catastrophes, and
  • Recommends a public-private cyber-catastrophe reinsurance scheme for the UK that will help insurers tackle the problems of cyber-risk proactively.

Additionally, it examines a number of reported cyber attacks from 2007 to 2014, in Estonia, Myanmar, Iran, the US, and Germany. It also compares terrorism risk insurance programs in Australia, France, Germany and the UK.

The Real Threat of Cyber Attack

There is no contest that the prosperity of the UK (and other countries) depends on information and communications technology (ICT) in an increasingly cyber-based world. However, as dependence on “cyber” worldwide grows, cyber attacks are becoming more sophisticated, more common, and more damaging.

But as real as cyber-risk is, the extent of cyber-attack and the damage done isn’t known since many victims don’t publicize attacks. In fact, as the report points out, many individuals don’t have any knowledge of daily hacking attempts made on their own computer systems, never mind the infrastructures and utilities that support these systems.

Cyber Risk and Cyber Insurance

While traditional risk management relies on “reasonable estimates of impact and likelihood,” the concept of cyber insurance is limited. There is some cover available in the UK, but there are also cyber attack exclusion clauses. A major problem is that one single cyber event can trigger multiple claims by a number of clients, all of whom have different insurance policies. Similarly, a single cyber event can draw attention to past cyber attacks, and this could trigger multiple claims across multiple underwriters. This aggregation of claims in the event of some sort of cyber-catastrophe would prevent the ability of insurers to underwrite business interruption costs, regular property damage, and third part liability cover (which would include cyber).

A report by the UK Government and Marsh, released in March this year, considered the role of insurance in managing and mitigating the risks of UK cyber security. It found that without reinsurers, insurers find it difficult to write cyber insurance. At the same time, reinsurers need “significant scale” if the pooling effects are going to make reinsurance possible.

As the risks of cyber attack continue to grow at an increasingly rapid rate, the traditional insurance tools (shared learning and risk management) must be grown quickly and deployed the Z/Yen Group report states. Ultimately, cyber-catastrophe reinsurance is essential for business interruption, property damage, and third party liabilities.

The report suggests that a public-private scheme could be new, or it could be implemented as an extension to the existing Pool Re for terrorism. Either way it was improve the cyber resilience of the UK and improve its competitiveness as “an attractive economy to locate cyber business.”

By Penny Swift

Al Castle E911

Businesses Need E911 for Remote Employees

E911 for Remote Employees Remote working is no longer a luxury or a distant possibility – it’s the norm for enterprises around the world. The “trend” of telecommuting is not new; for example, the number ...
Ronald van Loon

The Secrets to a Successful Desktop-as-a-Service Approach

The Secrets to a Successful Desktop-as-a-Service Approach Organizations are under pressure to reinvent their business models and adopt new technologies and digital capabilities to manage challenging conditions and adapt to new remote work scenarios. By ...
Big Data Explosion

Developing Machine Learning-based Approach for Optimizing Virtual Agent (VA) Training

Optimizing Virtual Agent (VA) Training Achieve NLU model’s precision, recall & accuracy up to 78% The success of any Virtual Agent (VA) depends on the training of its Natural Language Understanding (NLU) model prior to ...
Data Web Accessibility

Protecting Yourself from the Rise in Ransomware this Holiday Season

Rise in Ransomware The Baltimore Public Schools system was already dealing with pandemic learning conditions when it was hit by a ransomware attack the day before Thanksgiving. School officials were calling it a "catastrophic attack ...
Yuri Sagalov

IT Culture Clash Where Employees Use Multiple Devices To Collaborate

Employees use multiple devices to collaborate It used to be that company IT decision makers could simply dictate the software that business units would use. However, in today’s business the IT culture clash where employees ...
Martin Mendelsohn

Who Should Protect Our Data?

Who Should Protect Our Data in The Cloud? You would think that cloud service providers are safe havens for your personal data – they all have a ‘security’ component embedded into their offerings and claim ...