Unlock the Editor’s Digest for free
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
Cyber attacks pose a risk as big as terrorism and flooding, according to two of the world’s biggest insurance groups that are calling for state support to help the industry to absorb losses.
Insurer Zurich and Marsh McLennan, the world’s biggest insurance broker, say in a new report that cyber threats are “outpacing the ability of traditional insurance and risk management approaches to fully mitigate them”.
There are “limits to the amount of financial loss” the private sector can absorb, the report says, given the potentially huge losses that could be caused by a cyber attack on critical infrastructure.
It proposes a number of steps to address this, including creating public-private partnerships to share losses from currently “uninsurable” events, such as a cyber attack that causes a widespread failure of key infrastructure. Some countries have already created state-backed schemes to share flood and terrorism losses.
“At some point cyber events can potentially become large enough to move outside of the insurance industry and become societal,” said Tom Reagan, global cyber practice leader at Marsh McLennan.
The report said the need to consider state support was driven by “the continuing transformation of the digital economy, the blending of physical processes with virtual control, and the growing role and expanding capabilities of new technologies, most recently, generative AI”.
Last year, Lloyd’s of London estimated that a major cyber attack on a global payments system could cost the world economy $3.5tn, and that it was “too substantial a risk for one sector to face alone”.
The cyber insurance market — which at just a few decades old is relatively new in insurance terms — took in about $14bn in premiums last year. Reinsurer Munich Re expects the figure to reach $29bn by 2027.
Policymakers in the US, UK and elsewhere have held discussions with the industry about how to absorb losses in certain cyber attack scenarios. Insurance executives hope that some sort of state backstop would encourage more insurers to offer policies and reduce prices, spurring take-up among companies and improvements in security practices.
Some insurers at present exclude attacks on critical infrastructure and state-backed attacks from mainstream cyber policies, on the basis that such exclusions are required to protect them from losses that could threaten their viability.
Sierra Signorelli, head of commercial insurance at Zurich, said a state backstop would “provide more certainty for the coverage”, in terms of what losses would be covered by the private sector and what would be paid by the government.
“By being clear about what is covered . . . we get away from some of this grey area [about exclusions],” she added.
Read the full article here