The Geneva Association, made up of insurance company chief executive officers from around the world, has published its newest report, this time looking solutions to the growing problem the industry faces insuring peak cyber risks. It says protecting society from an unprecedented cyber attack will require more than the insurance industry’s participation in creating a larger, sustainable cyber insurance market.
They say growing geopolitical tensions and the use of digital technologies are amplifying cyber risks. They add that cyber attacks increased 38 per cent in 2022 when compared to 2021. “Although the dedicated cyber insurance market has grown rapidly over recent years, a huge protection gap persists, especially if an unprecedented, extreme cyber incident – striking multiple large segments of the global economy – were to occur. The prospect of such a severe cyberattack significantly hinders reinsurers’ appetites to assume cyber risks,” the Geneva Association states.
Currently insurers are concerned that harm could occur simultaneously for multiple policyholders and across different geographies, causing significant aggregate losses. Although loss accumulation concerns are not new, the report states, rising geopolitical tensions have materially worsened the threat landscape. “The more hostile cyber environment has only served to highlight the actuarial challenges that cyber risks pose,” the report states. Entitled Cyber Risk Accumulation: Fully tackling the insurability challenge, it adds that the factors driving the frequency and severity of cyber losses are not always well understood and typically cannot be modelled with standard statistical approaches.
In the report, researchers look in depth at the increasingly hostile threat landscape, at the actuarial challenges, at loss accumulation were critical infrastructure to fail – supply chain disruption, software vulnerabilities and mass liability claims are all examined, along with the latest advancements in risk assessment.
It goes on to recommend the industry engage in knowledge-sharing partnerships with government security agencies, critical infrastructure providers and technology companies to better understand the threat. “Even so, there are limits to the amount of financial loss the re/insurance industry can safely and sensibly absorb,” they add.
The researchers further indicate that new institutional innovations may be required but add that a government backstop may need to be created for major cyber incidents, to encourage insurers and reinsurers to extend coverage and increase their risk absorbing capacity.
Darren Pain, director of cyber with the Geneva Association says “the many unknowns around cyber risk are fostering a massive cyber protection gap. With better data and understanding of cyber threats and their loss accumulation potential, insurance can help narrow that gap. But better cyber risk models alone will not be enough,” he adds. “Our report urges the right partnerships be put in place among re/insurers, technology providers, governments and others to help create a larger, more sustainable cyber insurance market.”
In the forward written by the Geneva Association’s managing director, Jad Ariss, a recent scenario published by Lloyds is also discussed. In that scenario, Lloyd’s found that a major attack on a financial services payment system could cost the global economy US$3.5-trillion. “This extraordinary amount of potential losses, as well as the high degree of uncertainty around them, makes effectively tackling this still-evolving threat one that transcends re/insurers alone.”