Cyber risk needs government as insurer of last resort: Swiss Re

Major catastrophic loss events may be uninsurable, according to the most recent Swiss Re sigma report, calling for a government-sponsored back-stop for example in the form of a re/insurer of last resort.

The report titled "Cyber: getting to grips with a complex risk", suggests that the potential scale of losses from some cyber events could be too great for the private re/insurance sector to absorb, especially peak-loss events such as widespread disruption to critical infrastructure or networks which could lead to significant accumulated losses.

For such risks, there may be a case for a government-sponsored back-stop (for example a re/insurer of last resort), something akin to the state support for protection against catastrophic terrorism risks. More broadly governments have an important role in promoting cyber resilience, including measures to improve cyber information capture and diffusion, and setting laws and regulations about how cyberspace is used and protected, the report said.

But market participants also have a role to play to reduce cyber risk. Businesses need to do much more to integrate cyber security into their risk management programmes. Recent attacks demonstrate that the costs of a cyber breach can escalate well beyond managing the fallout of lost or corrupted data, according to the report.

Firms must now factor in the potential damage to their reputation, physical and intellectual property, and also disruption to business operations, the report said. The increasing scope and magnitude of potential costs associated with cyber-incidents reflect the ever-evolving cyber risk landscape, which is characterised by several trends: The growing speed and scope of digital transformation; the widening sources of vulnerability from hyper-connectivity, with the rapid spread of, for example, internet-enabled devices and cloud computing, and the growing sophistication of hackers alert to the potential economic gains from successful cyber-attacks.

Initiatives to boost cyber resilience are underway. Product and process innovation and also advanced analytics will help foster improved cyber insurance solutions and extend both the boundaries of insurability and reach of cover. Ultimately, however, some cyber risks, especially those related to extreme catastrophic loss events, may be uninsurable. For such risks, there may be a case for a government-sponsored back-stop, the report says.

Regulation could be a catalyst for change with legislation coming into force in many jurisdictions requiring firms to build enhanced data protection safeguards. Despite increased awareness of the dangers, firms are generally ill-prepared to cope with cyber risks. Relatively few firms have integrated cyber security into their mainstream risk management. As a result of new regulation, "firms – large and small – need to invest more in cyber security architecture to develop robust pre-and post-loss risk management capabilities," says Swiss Re chief economist Kurt Karl.

Many firms are looking to transfer cyber risks to third parties better-placed to absorb them. "A dedicated cyber insurance market is developing, and an increasing number of insurers are looking to write more business in this specialty line," Kurt Karl continues.

Dedicated cyber insurance typically provides core protection against data and network security breaches and associated losses, with capacity limits in the market today ranging from around $5 million to $100 million.

Insurers are looking to develop less complex and more flexible insurance products. Furthermore, some re/insurers are seeking partnerships with cyber security firms and data analytics vendors to fill knowledge gaps and scale up/provide additional services to their clients.

To expand the boundaries of insurability, companies will need to work with their insurers to create a sustainable market.

Today’s top stories

Aviva slashes £0.4b off 2016 profit due to UK personal injury rate cut

UK government to launch consultation on Ogden personal injury rates

Maiden Holdings' 2016 results hit by reserve charge

Fifth Third buys US firm RG McGraw Insurance Agency

Hannover Re US reveals successor to CFO and new COO

Brit hires former Argo exec to lead new cyber team in US

Did you enjoy reading this story?  Sign up to our free daily newsletters and get stories like this sent straight to your inbox.