Recognising cyber as one of the most significant systemic and emerging risks, Lloyd’s and the Association of British Insurers (ABI) have jointly published a guide to help re/insurers define major events and identify key factors to consider.
According to Lloyd’s and the ABI, the dynamic nature of cyber threats necessitates ongoing dialogue and adaptation.
Written by senior cyber (re)insurance leaders, the paper, ‘Components of a Major Cyber Event: A (Re)Insurance Approach’ is said to represent a joint effort to build shared approaches across the industry.
As per the report, the steps that need to be considered, and given varying degrees of emphasis, when defining a major cyber event include:
WHO is responsible for the event and whether their intentions were malicious or not? WHAT was the cause of loss? WHERE did it occur geographically, in the digital ecosystem and the insured population? WHEN did the event start and how long did it last for? HOW did the cyber event spread – was it manual or automatic? WHY did the event occur, was the motive for financial or political gain? IMPACT quantified as monetary loss.
While each provider’s definition may vary depending on their commercial approaches, the framework will reportedly help streamline this process by grouping, categorising, and systematically analysing cyber incidents for various purposes, such as risk assessment and aggregation.
“By consolidating these insights, the aim has been to facilitate a deeper understanding and encourage collaborative efforts to address the ever-changing challenges in the cyber risk landscape,” the joint report said.
Rachel Turk, Lloyd’s Chief Underwriting Officer, commented, “With over a fifth of global cyber insurance being placed at Lloyd’s, a shared understanding of the approaches to defining a major cyber event is crucial for quantifying risks and for developing risk mitigation strategies.
“A robust framework for defining the components of major cyber events will ultimately enhance the resilience of the insurance industry in the face of ever-growing cyber threats, and this paper takes us a step closer to that goal.”
Mervyn Skeet, Director of General Insurance Policy at the ABI, added, “The emerging and incredibly complex nature of cyber threats are a crucial challenge to our industry. There is no one single definition of a major cyber event, and history does not yet provide enough evidence to build one.
“However, getting ahead of these threats and understanding the risk they pose is where our industry excels.
“By collaborating with Lloyd’s, we’ve been able to develop a framework and a consistent set of components for firms to consider when trying to build their own definitions. This should provide more certainty for insurers, government and customers.”
