The COVID-19 pandemic has compounded cyber risk and should cause re/insurers to rethink and enhance their stress tests, according to analysts at AM Best.
The rating agency noted a significant uptick in ‘spoofing’ attacks, with hackers posing as figures from the World Health Organization (WHO) or the Centers for Disease Control (CDC).
And other attacks have been geographically targeted using local events, with surges following the first virus death in the US, the announcement of an international travel ban, and the 100,000th death.
The FBI has also warned of an increase in certain types of cyber attacks, such as business fail compromise, owing to the pandemic.
Microsoft reports that, globally, COVID-19-related cyber attacks peaked in the first half of March, but is less certain that the total number of attacks is actually rising.
But the company believes that would-be attacks have been repurposed for COVID-19, based on the view that the number of global malware attacks has not differed significantly compared to before the pandemic.
AM Best observed further exposure to risk from remote working, FCC text scams, and robocalls to business phones, where cyber insurance carriers could be liable.
Analysts urged re/insurers to apply the lessons from the pandemic to their cyber stress testing, noting similarities such as the lack of geographical boundaries between both threats.
Both can also affect supply chains and incur devastating losses for business interruption, contingent business interruption, trade credit, and professional liability.
Like COVID-19, cyber attacks may entail many asymptomatic cases, as people may not realize their systems are infected until long after the damage is done, and coverage ambiguities may be similar as well.
Additionally, the economic impact can be more severe—because of the pandemic, people have been communicating and working remotely, which a cyber attack may hinder, or even stop.
And given the growth in inter-connectedness, a cyber attack may spread faster than a pandemic.
“Cyber attacks are becoming more sophisticated, and businesses are constantly playing catch-up with cyber criminals,” AM Best stated. “Being aware about vulnerabilities—and the economic and operational impacts of those vulnerabilities—will help insurers and reinsurers provide appropriate coverage.”
“Risk management practices such as a cautious risk appetite, cyber risk limits, risk modeling, and stress testing, along with a prudent allocation of capital and reinsurance partnerships, will help prepare for unexpected shocks when they occur.”
