A new study from the Swiss Re Institute says that the insurance industry needs to adopt a new approach to cyber business amidst a changing landscape.
The twenty-nine-page report, Cyber Insurance: Strengthening Resilience for the Digital Transformation, says that not only have cyber risk risen alongside geopolitical, economic instability, and reliance on digital technologies, but that the risk landscape is moving fast. But at the same time, it says that cyber risk ‘does not meet all the characteristics of insurability, limiting the potential growth of the market’.
The authors of the report write: “The world of today is one of increasing geopolitical and economic instability. This has many drivers, most prominently the war in Ukraine and simmering tensions between the US and China. With many facets of life going increasingly digital contemporaneously, the spectre of cyberattacks looms large.
“The prospect of a state-sponsored or private attack on another country/region with catastrophic fallout is very real. It could take the form of an attack on infrastructure facilities such as power grids or key communication systems, among others. The resulting losses from a systemic cyber event could be very large, impacting companies, the broader economy, and society at large.”
So far, they wrote, there has not been a systemic incident. Nevertheless, they add, the cyber risk landscape is evolving fast with ransomware incidents and cybersecurity worries being at an all-time high.
They added: “McAfee estimates global monetary losses from cybercrime in 2020 at around USD 945 billion. Attacks have become more sophisticated. Hackers now use “triple extortion” techniques, and ransomware-as-a-service has lowered entry barriers to rogue actors. Small and medium-sized enterprises (SME) with little defence capacity have become easy targets for cyber criminals, while digitalisation of industries including the healthcare and critical infrastructure sectors, has increased vulnerabilities across entire supply chains.”
At the same time, cyber risk still does not mee the characteristics of insurability, says Swiss Re Institute.
The report’s authors wrote: “Some of today’s cyber risks do not fully meet the typical characteristics of insurability. Most notably, the aggregation of losses could quickly and significantly impair diversification and/or challenge market capacity. The risk is hard to quantify because of immature data and a lack of model consensus. Limited insurability restrains capacity despite growing demand, creating challenges for market growth in the longer term. To address these limitations, more cyber talent, standardised data, better modelling, greater contract consistency and new sources of capital are needed. Likewise, there is scope to consider opportunities for new types of public-private risk sharing mechanisms.
“These measures can help mitigate overall exposures, improve risk understanding and help make society more resilient to attacks with devastating and potentially systemic consequences. The human and networked nature of cyber means the risk will continually evolve and require a coordinated response. Enhancing resilience will require collaboration between corporations, insurers and governments.”
