Cyber is a scary beast, but assess it properly: PCS

Tom Johansmeyer, assistant vice president at PCS, has stressed that cyber attack re/insurance is important—but that it needs to be viewed in a proportional and subjective manner.

“We have a runway of a couple of years where our industry has ambitions for rapid growth for cyber insurance and reinsurance. We have to be responsive and flexible, because what we are hearing all time is ‘cyber is changing fast’—two years ago is different from today,” Johansmeyer said.

“That’s true, but property changes fast as well. I remember when winter storms were measured in hours: 72 hours some years ago became 30 to 45 days, and nowadays Minnesota is a winter storm from January 1 to December 31.

“Property changes, cat changes, so of course cyber changes. The biggest challenge that we face right now is that cyber seems scary, because it’s new, it’s big, we’re all interconnected, we have smartphones, we have smart TVs, and we dread what will happen if they all go down in a cyber attack.

“That’s what makes cyber so scary, as I’ve heard from a lot of people while putting our cyber cat product together. They feel that cyber cat is harder to define than nat cat.”

Johansmeyer pointed out that during some recent natural catastrophes the events were described in very different ways. For example, the industry struggled to define whether a wildfire was one event or several. A cyber cat event could be hard to define in a similar way, he said.

PCS has launched a number of new products that offer new facilities for dealing with cyber which, he acknowledges, can be a new and worrying subject for many.

“Cyber cat is new and we’re trying to take a property cat mentality to it. Cyber is its own beast and needs to be viewed differently,” Johansmeyer said.

“There are some good lessons from terror that can be learned, especially when it comes to perpetrator groups, their intent and target, as well as purpose. Those are the things that help you to define a target event.”

He stressed that the industry has to take attacks into context, adding that the NotPetya ransomware attacks in 2016 took advantage of local conditions that were unique to the initial target area in the Ukraine and that sometimes cyber events had secondary unanticipated effects.

He concluded by saying that companies cannot neglect security just because they know that they have insurance. “It is far better to lock the doors against a cyber attack first, and then obtain insurance against it, just in case.”