Large-scale attack is grave threat to cyber insurance market: ExpertsReprints
NEW YORK — Cyber attacks that compromise critical infrastructure, industry or systems are an increasingly grave threat, as an event could jolt the cyber insurance market, according to a panel of experts speaking at the first AIR Worldwide Cyber-Casualty Seminar on Tuesday in New York.
“I’m more worried about the physical-cyber convergence,” said Frank J. Cilluffo, associate vice president and director, center for cyber and homeland security, at George Washington University.
He cited the NotPetya cyber attacks on the Ukraine in mid-2017 that the U.S. now attributes to Russia and which hit the country’s electrical grid.
“What we saw in the Ukraine, when Russia turned to cyber attacks to cause a physical kinetic impact on the grid – that’s the kind of stuff that should keep us up at night,” Mr. Cilluffo said.
Such attacks may become more common.
“I think we’re going to see a lot more attacks on critical infrastructure, including the supply chain of critical infrastructure, whether that’s oil and utilities, financial institutions or health care,” said Kara Owens, global head of cyber risk, Transatlantic Reinsurance Co., in New York.
A cyber event of great magnitude in the U.S or western markets could disrupt the cyber insurance market.
“That one event, had it affected the western economies rather than just the Ukraine for the most part, it really would have turned into the most significant event of 2017 and would have turned the cyber insurance market on its head because it gave rise to the question of what is an appropriate time period deductible,” said Brad Gow, global cyber product leader, Sompo International Holdings Ltd., in New York. “If NotPetya had hit in a western environment, my bet is that at least 60% of the available capacity would be sidelined for at least 18 months.”
Ms. Owens said the number of insurers in the market could shrink in the wake of such a large-scale cyber event. Some insurers, she said, “don’t have large portfolios that have never experienced a catastrophe type event and that would definitely put them on the sidelines,” she said.
A large-scale attack, however, could also cause the demand for cyber coverage to rise just as the market was contracting.
“We could see the demand for insurance increase substantially,” said Fred Eslami, associate director, alternative risk transfer group, for Oldwick, New Jersey-based A.M. Best Co. Inc.
Meanwhile, companies continue to see higher cyber limits while new buyers enter the market.
“The big Fortune 1000 are trying to buy higher limits,” Ms. Owens said, with some reaching for $500 million or more in coverage. “To build that type of capacity has been very tough for the brokers, to put all of that together.”
More different types of buyers are coming into the market as well, she said.
“We’ve been seeing a lot more SMEs [small and medium-sized enterprises] and it’s not just health care, retail and financial institutions buying anymore,” Ms. Owens said. “Now you’re seeing it across the board.”