The CEO of one of the major European insurers has warned that cyber attacks, such as natural disasters, can no longer be insured, in view of the uncontrolled increase in the malicious activities of hackers.
In recent years, insurance industry executives have sounded the alarm that systemic risks, such as pandemics and climate change, are straining the industry's ability to provide adequate coverage. For the second year in a row, natural catastrophe losses are projected to exceed $100 billion.
Mario Greco, managing director of the insurance Zurich, he told al Financial Times that the risk to fear most of all is the IT one: “What will become uninsurable will be cyberattack damage.”. Then he emphasizes: “And if someone took control of vital parts of our infrastructure, what would be the consequences?”.
Recent attacks that have disrupted hospitals, blocked pipelines and targeted government departments have fueled concern about this risk among industry executives. According to Greco, focusing on the privacy risk of individuals is to lose sight of the big picture. “First of all, there has to be a perception that it's not just about data… It's about civilization. These people can seriously disturb our lives”.
Skyrocketing cyber leaks have prompted underwriters to take emergency measures to limit exposure. In addition to driving up prices, some insurers have responded to the threat by modifying policies to keep losses as low as possible. There are written exemptions in the policies for some types of attacks. Cyber experts have warned, however, that the increase in the prices of insurance policies with all these exceptions could discourage the purchase of insurance protections in the future.
In 2019, Zurich he initially denied a $100 million compensation claim by the food group Mondelezresulting from the attack NotPetya, on the grounds that the policy excluded warfare. The two sides then agreed.
In September, Lloyd's of London he took a new line by demanding that market-based insurance policies include an exemption for state-sponsored attacks. A responsible move but difficult to implement because it is impossible to identify those responsible for the attacks and their affiliations.
Greco said there is, therefore, a limit to how much the private sector can absorb, in terms of underwriting all losses from cyberattacks. He therefore invited governments to "set up public-private schemes to manage systemic cyber risks that cannot be quantified, similar to those that exist in some jurisdictions for earthquakes or terrorist attacks”.
Last September, the government of the United States it moved to consider a federal cyberattack insurance response, which could be part of or outside the current public-private insurance program for terrorism.
In June, a report from the US Government Accountability Office highlighted the potential for cyber incidents to “reverberate” other related businesses. According to the report, examples such as the hacking of the Colonial pipeline, which has created temporary gasoline shortages in the southeastern United States, they show “the possibility that a single cyber incident could affect critical infrastructures with catastrophic consequences”.