Swiss Re CEO Christian Mumenthaler has said that he is “not too surprised at all” that cyber criminals were able to successfully target and disrupt the operations of Colonial Pipeline, and warned that key infrastructures remain open to similar hacks.
Asked about the eventual cost and fallout of last week’s attack on the largest fuel pipeline in the US, Mumenthaler told reporters at CNBC that it’s “definitely too early to tell” what the damage is.
However, he noted that these kinds of sophisticated cyber attacks are “increasing constantly,” adding that “critical infrastructure is a problem and we’ve known for years that there are vulnerabilities around that.”
Analysts at McGill & Partners said earlier this week that the attack on Colonial Pipeline should serve as a “wakeup call to organisations all over the world.”
Colonial is currently faced with an extended period of disruption as it clears the ransomware hack from its system or costly negotiations with the attackers, and other firms could easily find themselves in a similar position, Head of Cyber Shannan Fort said.
But Mumenthaler argues that the private insurance market is simply not large enough to offer full cyber protection to vulnerable organisations, due to the systemic nature of cyber risk.
He observed that the cyber insurance market is currently worth around $5.5 billion in premium, compared to “gigantic” yearly losses that extend into the hundreds of billions of dollars.
“There’s a cyber market that’s very tiny compared to the total exposure,” he told CNBC. “It’s going to grow but only a tiny minority of cyber is actually insured.”
“And I would actually argue that overall the problem is so big it’s not insurable,” Mumenthaler continued. It’s just too big. Because there are events that can happen at the same time everywhere that are much more worrying than what you just saw.”