Events like the recent WannaCry ransomware attack show just how far-reaching a cyber attack can be, and cyber’s ability to impact property insurance lines is expanding and needs to be addressed, according to Lockton’s property risk cyber expert in New York, Jared Wosleger.
“Just one cyber event can cause multiple losses in unanticipated ways. Unlike a wind event, which poses a threat to a specific region or number of locations, a cyber-attack poses a serious aggregation issue that can be a catastrophe waiting to happen,” said Wosleger, in a recent white paper, ‘From Third to First: A Game-Changing Play in Cyber Risk.’
The WannaCry attack was felt in numerous countries and across numerous industries, including the UK National Health Service (NHS), FedEx, Germany’s railway system, and so on. Lockton explains that while cyber has an impact on all businesses, it can also have an impact on all insurance business lines.
Co-author of the white paper and Lockton’s London expert on technology and privacy risk, Max Perkins, states that although insurance firms historically haven’t viewed cyber as a property issue, the risk is increasing and companies need to take steps to educate themselves on the issue.
“Companies must work to better understand their cyber exposures as boards and shareholders focus more on this threat and the public perception that the playing field favours the attackers. In order to aid this process, insurance carriers continue to adjust their appetites to take on cyber risk, with the property insurance market being the first of the traditional markets to move,” said Perkins.
Adding complexity and uncertainty to the issue is the changing intent of hackers. Now, explains Lockton, hackers have political and terroristic motives for carrying out a cyber attack, as well as criminal intent.
Lockton’s experts urge property underwriters to pay attention to the risk as it increases, and just like the evolution of the property market, “cyber risk must develop with the landscape to meet critical business needs.”
Attacks on physical devices and assets is also on the rise, warns Lockton, driven by the rise of the Internet of Things (IoT) that enables people to remotely connect to devices making them exposed to physical attacks.
Lockton warns that those companies that do not take the necessary measures to mitigate their cyber risk can be exposed to a range of first-party consequences, such as property damage, network interruption, data corruption, theft of intellectual property, cyber extortion, and reputational damage.
The risks are multiplying in the cyber risk property space, and Lockton calls for “aggressive action” and innovation to mitigate the exposures.