The insurance and reinsurance industry loss caused by the Petya / NotPetya cyber attack continues to creep northwards and shows that these types of cyber events are driven more by silent losses than affirmative.
According to Property Claim Services (PCS) the total industry loss from the Petya / NotPetya cyber attack has now passed $3 billion, roughly 90% of which was driven by silent cyber impacts, the remainder from affirmative losses.
In fact one major corporates exposure to the cyber attacks has now driven $2 billion of this industry loss, as pharmaceutical giant Merck & Co. has experienced a $1.75 billion silent cyber loss and a $250 million affirmative loss as well from Petya related impacts, according to PCS’ estimates.
In addition, three more losses caused by the Petya / NotPetya cyber attack have resulted in over $100 million each of impacts to insurers and reinsurers and total $1 billion together.
That gives the $3 billion industry loss, up from the $2.7 billion we revealed in May, and we understand is likely to rise further at the next update to the estimate by PCS.
The creeping silent cyber exposure was covered in an interview with Tom Johansmeyer of PCS, over at our sister publication Artemis article, which explained why the Petya / NotPetya loss could be particularly worrisome for the industry.
That appears to be the case now, as this escalating cyber risk industry loss has been largely emanating from property covers that include business interruption and cyber events have triggered those layers of risk transfer.
As a result, the large proportion of the Petya related cyber attack impacts to re/insurers have been driven by policies that were never explicitly designed to cover cyber attacks in the first place, reflecting the need for re/insurers to protect themselves against these types of cyber loss events.
PCS said that as well as the property insurance related BI claims, it is also aware of some claims under errors & omissions (E&O) and also kidnap and ransom (K&R) policies, although these are much smaller contributors to the silent component of this cyber loss.
In projecting the way the Petya / NotPetya cyber loss will break down by industry, PCS believes that at least 54% will be driven by the pharmaceutical sector, 20% by manufacturing and the rest of consumer businesses, professional services and other miscellaneous industries.
PCS highlights how these silent cyber impacts could surprise insurance and reinsurance markets in the future, musing over a much larger event and how the way losses impact property portfolios could cause some issues in a year where catastrophe losses also bite.
As a result, PCS believes more capacity will be required to meet the growing silent cyber threat, although what is also likely required is more efforts to ensure it is covered by specific policies, rather than able to leak more broadly into reinsurance portfolios through other business lines.