Brought to you by:

Hostile cyber activity ups ante for cover gaps

Government backstops may be needed to absorb some cyber risk given market challenges in insuring potentially large losses from hostile activity and with premiums rising as cover costs are recalibrated, the Geneva Association says in a report.

The Swiss-based insurance economics research group says a protection gap exists for state-sponsored cyber attacks that stop short of outright military conflict. It refers to the attacks as hostile cyber activity (HCA).

The report says such attacks, akin to a cold-war type event, are insured up to certain limits by the industry, but potential losses are too big and uncertain for the market to absorb alone.

Geneva Association MD Jad Ariss and International Forum of Terrorism Risk (Re)Insurance Pools President Christopher Wallace say reducing the protection gap requires substantial progress to increase the insurability of catastrophic cyber risk.

“Otherwise, the current hard market for cyber insurance will likely persist and the industry will be reluctant to allocate the additional capital needed to meet growing future demand for cyber insurance,” they say in the forward to the report.

“Advances in modelling, greater sharing of cyber threat intelligence and mechanisms to protect re/insurers’ balance sheets from large accumulated losses are some of the obvious starting points.”

The development of a sustainable private cyber re/insurance market to cover the full scope of risks will ultimately depend on some form of public-private partnership (PPP) or government backstop, they say.

Dr Wallace is also CEO of the Australian Reinsurance Pool Corporation which covers terrorism risks. A recent Government review of its role rejected expanding its mandate to cyber at this time.

The Geneva Association report says a well-designed PPP could increase protection capacity and still encourage cyber market innovations to extend cover for hostile cyber activity.

“The insurance industry has come a long way in its understanding of cyber terrorism, HCA and cyber war and assessing how to insure such risks,” the report says.

“To expand the limits of insurability, insurers need to be proactive in assessing feasible options for sharing cyber risks, including with governments via PPPs.”

The report is available here.