Re/insurance broker and risk management solutions firm Marsh has committed to addressing the growing threat of business interruption (BI) from cyber-attacks with the launch of a suite of new and enhanced risk analytics and insurance solutions.
Demand for BI solutions has grown in response to high-profile cyber events like the WannaCry and NotPetya attacks, which brought to light the potential for emerging cyber threats to cause disruption and economic losses.
Marsh’s new cyber BI suite will employ proprietary insurance wording and risk assessment analytics to help clients better quantify and mitigate cyber risks that could impact their operations, disrupt supply chains, or cause financial and physical damage.
The suite will aim to provide organisations with critical insight into their cyber exposures and inform their decision-making by evaluating risk mitigation efforts, setting insurance limits, and providing benchmarking capabilities and BI loss modelling.
Thomas Reagan, leader of Marsh’s U.S Cyber Practice, said: “Despite years of investment in cybersecurity technology, cyber risk continues to be one of the top concerns for global business leaders.
“Recent events such as the NotPetya malware demonstrate that business interruption risk – and the associated potential for economic loss – is a different order of magnitude than what has come before; and the risk is still growing.
“Existing assessment tools and insurance solutions have not kept pace with fast-evolving nature of cyber risk, particularly the critical issue of business interruption risk.
“With the launch of our integrated suite of new and enhanced cyber BI solutions, Marsh is responding to our clients’ request for tailored, next generation, and practical tools to help them measure and manage cyber business interruption risk.”
Marsh already provides broad coverage for critical cyber risks like BI, the Internet of Things (IoT), and breach of the EU General Data Protection Regulation (GDPR) through its Cyber CAT 3.0, an innovative policy that is backed by $2 billion in total potential capacity.
This policy can be expanded with additions that cover more specific cyber risks like reputational loss, IoT device ‘bricking’, and costs for post-event computer system upgrades and rebuilding expense.