Here was an event that was global in nature, impacting multiple classes of business and both sides of the balance sheet.
The ultimate insured loss cost is yet to be determined but whether it is $100bn or $50bn, it will be manageable. Nonetheless, it serves as a warning shot for what could happen in the event of a major widespread cyber event.
Earlier today, Howden published an in-depth report examining the challenges facing the cyber market and it identifies this systemic potential of the class as one of the industry’s pressing challenges.
The absence of historical loss data to manage aggregations compounds this challenge.
As was the case with Covid-19, business interruption would likely be one of the major drivers of loss following a catastrophic cyber event. As Howden notes, the pandemic has provided a painful illustration of how non-affirmative coverages can surprise, and spiral, in global systemic events.
Recent months have seen increasingly frequent attacks on system providers and critical infrastructure, such as the attempted hack at a water treatment facility in Florida in February and the ransomware attack on the Colonial Pipeline in May.
Earlier this year Lloyd’s warned the market of the emerging cyber threat to multiple business classes from the intrusion of industrial control systems, calling on syndicates to actively consider different potential cyber-physical scenarios.
As Howden also identifies, the sophistication of some of these attacks points to unattributable but probable state acts, which, in turn, challenges the utility of defined perils and war exclusions.
“This is an ongoing concern: a high proportion of cyber exposures are still embedded within traditional coverages, and events are now showing signs of spreading along supply chains and transcending entire sectors and regions,” the broker highlights in its new study.
Given the industry’s role as “society’s risk manager”, there is arguably an added onus on (re)insurers to help businesses build resilience to this peril.
As demand evolves, the industry faces a challenge balancing one of its major sources of growth while safeguarding solvency.
The Howden report suggests we are now in the hardest cyber market since the class’s inception.
“There has been a remarkable shift in sentiment from one of loss complacency to one of loss inevitability,” the broker says. “Underwriters are now taking the view that losses are no longer a matter of if, but when, and, as a result, have high expectations around the sophistication of businesses’ cyber security in order to ‘qualify’ for cyber insurance.”
The demand-supply imbalance in the cyber market means the current capacity crunch is unlikely to relent anytime soon. Insurers will likely continue to prioritise those companies that show they have robust and tested security measures in place.
Without these steps, the risk may not be one any insurer can afford, even at a time of rising prices…
For continued access to market leading content click here to enquire about a subscription to The Insurer.
Scan here to download the app