Call For Public-Private Cyber-Catastrophe Reinsurance Scheme In The UK

Public-Private Cyber-Catastrophe

The increasing risks from cyber threat could result in the United Kingdom (and other countries) being exposed to “catastrophic consequences” that could never be covered by existing insurance cover – with single event estimates ranging from between £2 billion to £20 billion ($3 to $30 billion). However, a public-private cyber-catastrophe reinsurance scheme would help the UK cyber-industry flourish by accelerating the much-needed growth of cyber insurance.

According to a newly released report prepared by the London-based Z/Yen Group, cyber-risk has the very real potential to be “the biggest, most systemic risk” ever. In addition to being systemic, it is also financial. And as we move towards “the fabled” Internet of Things (IoT), this risk will grow exponentially. Whether computer outages are caused by power failure, a super solar storm, or cyber-terrorism, the results could result in massive business interruptions and property damage that the insurance industry simply won’t be in a position to cover.

“Our potential nightmares range from destruction of the contents of all freezers, to massive pile-ups of autonomous vehicles, to interference with medical devices implanted in people,” says Stephen Caitlin, Executive deputy chairman of XL Caitlin in the foreword of the report.

While insurance plays a major role when it comes to managing major risks (fire, flood, theft, aviation, shipping, automotive, employer’s liability and so on), the system and global nature of cyber-risk restricts the ability of insurers to manage this risk, he says. While expected by regulators to manage their balance sheets, Insurance Companies acknowledge that these balance sheets simply aren’t big enough to pay for “a true cyber-catastrophe.”

While insurers and reinsurers shouldn’t be afraid to add “real risk” to their balance sheets, if the risk is not “containable” then they aren’t going to be able to honor their promise to pay out, Caitlin maintains.

Following a four-month study

  • Considers and discusses the nature of cyber-risk together with potential cyber-catastrophes, and
  • Recommends a public-private cyber-catastrophe reinsurance scheme for the UK that will help insurers tackle the problems of cyber-risk proactively.

Additionally, it examines a number of reported cyber attacks from 2007 to 2014, in Estonia, Myanmar, Iran, the US, and Germany. It also compares terrorism risk insurance programs in Australia, France, Germany and the UK.

The Real Threat of Cyber Attack

There is no contest that the prosperity of the UK (and other countries) depends on information and communications technology (ICT) in an increasingly cyber-based world. However, as dependence on “cyber” worldwide grows, cyber attacks are becoming more sophisticated, more common, and more damaging.

But as real as cyber-risk is, the extent of cyber-attack and the damage done isn’t known since many victims don’t publicize attacks. In fact, as the report points out, many individuals don’t have any knowledge of daily hacking attempts made on their own computer systems, never mind the infrastructures and utilities that support these systems.

Cyber Risk and Cyber Insurance

While traditional risk management relies on “reasonable estimates of impact and likelihood,” the concept of cyber insurance is limited. There is some cover available in the UK, but there are also cyber attack exclusion clauses. A major problem is that one single cyber event can trigger multiple claims by a number of clients, all of whom have different insurance policies. Similarly, a single cyber event can draw attention to past cyber attacks, and this could trigger multiple claims across multiple underwriters. This aggregation of claims in the event of some sort of cyber-catastrophe would prevent the ability of insurers to underwrite business interruption costs, regular property damage, and third part liability cover (which would include cyber).

A report by the UK Government and Marsh, released in March this year, considered the role of insurance in managing and mitigating the risks of UK cyber security. It found that without reinsurers, insurers find it difficult to write cyber insurance. At the same time, reinsurers need “significant scale” if the pooling effects are going to make reinsurance possible.

As the risks of cyber attack continue to grow at an increasingly rapid rate, the traditional insurance tools (shared learning and risk management) must be grown quickly and deployed the Z/Yen Group report states. Ultimately, cyber-catastrophe reinsurance is essential for business interruption, property damage, and third party liabilities.

The report suggests that a public-private scheme could be new, or it could be implemented as an extension to the existing Pool Re for terrorism. Either way it was improve the cyber resilience of the UK and improve its competitiveness as “an attractive economy to locate cyber business.”

By Penny Swift

Karen Gondoly

Lessons Learned When Moving to the Cloud

Moving to the Cloud Lessons At Leostream, we work with organizations around the globe that are moving workloads to the cloud. These organizations span a ...
David Friend

Cloud 2.0 will not be Ushered in by AWS or other Cloud Giants

Cloud 2.0 Trends Amazon, Google, and Microsoft are all pursuing similar business strategies: they want it all. ‘It,’ in this case, means the entire IT ...
Kayla Matthews

The California Consumer Privacy Act: What You Should Know

The California Consumer Privacy Act GDPR or the European Union’s General Data Protection Regulation effectively altered the way that businesses interact with European citizens. It ...
Steve Prentice

Episode 5: How the Pandemic is Changing Business and the Cloud

An Interview with Ed Dryer of Steadfast With the global pandemic wreaking havoc on business and society, everything is changing. Ed Dryer, Senior Technology Strategist ...
Steve Prentice

Episode 3: The Bottomless Cloud – An Interview with David Friend of Wasabi

Why data is not “the new oil” and why “cloud” means more than we think. In his new book, author David Friend refers to the ...
Jeremy Daniel

Find Competitive Advantage through AWS by Partnering With The Experts

Setting up your cloud configuration is too important to not involve the experts MediaTemple & CloudTweaks Thought Leadership Brand Series So many great business ideas ...
Kaylamatthews

How AI Can Keep Documents Secure During the Age of Remote Work

Keeping Documents Secure While remote In response to the COVID-19 pandemic, global businesses have restructured operations to accommodate remote work and telecommuting. Humanity has collectively ...
Eddie Segal

Kubernetes on AWS: Tips for Cloud-Native Development

Kubernetes AWS Tips Kubernetes is a container orchestration and management tool that automates container deployment. Kubernetes is mainly used in the cloud. A recent survey ...
Machine

Machine Learning: The Importance of Actionable Data

The Importance of Actionable Data How awesome would it be to know for sure exactly what your customers want to see from your business? Imagine ...
Bruce Guptill

Resolving IT-Finance Asynchronization on Cloud Improvements

Resolving IT-Finance Asynchronization While CIO-CFO communications and alignment may never seem better, what is considered to be C-level, strategic “alignment” increasingly obscures realities that keep ...