Insurance industry focused cyber-security firm, Cyence, has pegged the WannaCry ransomware attack economic loss at an estimated $8 billion, although insurance and reinsurance protection is expected to cover just a fraction of this, warns A.M. Best.
The recent, global ransomware attack that impacted 150 countries and that was felt across a number of industries has sparked numerous debates and discussions about the need for adequate, affordable, and effective cyber insurance and reinsurance solutions.
The speed of which the attack took place and the reach achieved brought to the forefront just how important it is for businesses and organisations in all industries, and in all corners of the world, to utilise cyber insurance solutions to mitigate cyber threats of all shapes and sizes.
In a recent note on the attack, analysts at international rating agency A.M. Best state that cyber-security entity, Cyence, has estimated the overall economic loss from the so-called WannaCry breach at $8 billion, suggesting that insurance will cover some of this total.
“However, A.M. Best expects that insured losses will be a fraction of this, given the industry’s cautious and tepid position in cyber,” says A.M. Best.
Cyber is one of the fastest growing threats in the world, exacerbated by increased interconnectivity that enables a threat to expand rapidly and hurt numerous systems in numerous countries at the same time, alongside the continued transition to a truly digital world.
Insurers and reinsurers are constantly trying to develop adequate cyber solutions but the absence of historical data and limitations with modelling and the understanding of such an exposure, has seen the evolution of innovative and effective cyber solutions fail to keep pace with the increasing sophistication of cyber breaches.
“A.M. Best recognizes that the sophistication of cyber risk insurance policies is evolving, which is the reason many insurers are fairly cautious about putting up too much capacity in this area. Being very good risk managers, insurers tend to view cyber as a great business opportunity, but at the same time are very cautious about taking on cyber exposures beyond a certain risk tolerance,” explains the rating agency.
While attacks like WannaCry are sure to drive losses in the billions of dollars, insurers and reinsurers can benefit from the experience, explains A.M. Best.
“The insurance industry can also benefit from this attack, if it leads to a better ability to devise and craft appropriate policies with clear definitions and language, to attain the desired level of protection and coverage for policyholders,” says A.M. Best.
After all, without the occurrence of cyber events it’s impossible to develop enough historical data to even attempt to model something as complex and potentially costly as cyber.
It will take some time before the full economic impact of the WannaCry cyber event is realised, as will the portion of this that is taken on by insurers and reinsurers. The attack, along with the expectation from A.M. Best that insurance will cover just a fraction of the total loss, highlights the need for re/insurers to act fast and innovate in order to narrow the cyber risk protection gap.
