Connect with us
Finance Digest is a leading online platform for finance and business news, providing insights on banking, finance, technology, investing,trading, insurance, fintech, and more. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

INSURANCE

Cyberattacks still make headlines even as they become more regular. One reason is that the damage from an attack extends beyond inflicting serious reputational and financial damage. A new generation of ransomware like WannaCry and Not Petya, growing evidence of nation-state cyberattacks, and the targeting of connected devices that are automating critical systems, have shown how cyberattacks can disrupt physical operations and services.

Keith Stonell, managing director EMEA, Guidewire Software

Keith Stonell, managing director EMEA, Guidewire Software

The effect of attacks on a specific organisation’s infrastructure overall cannot be minimised. They can range from the disruption of ATM systems, pumping systems for water and gas, power supplies, to access to essential digital services that support everything from shopping to surgery.

Remediating these kinds of disruptions has exposed the issue of silent cyber in the insurance policies used by enterprises and other organisations. When an organisation has claimed for physical damage caused by a cyberattack that has incapacitated or destroyed essential systems, they have found these losses are not covered because cyber is not written into their main property policies.

Insurance policies can be silent on many things. For example, insurance contracts are neither affirmative or negative on whether an organisation is covered for a Martian invasion, or whether a sperm whale will smash down on top of your building’s roof.

Joking about fantastical threats aside, silence in insurance contracts can be bad for both the insured and the insurer because risks that have not been articulated are likely to be either unpriced and/or unprotected.

If the contract is silent about the physical effects of a cyberattack, then the insured organisation could be rolling the dice on whether their claim is accepted or not. They may believe that because cyber is not explicitly excluded, they can claim on their main business insurance policy only to get push back from their insurer.

For the insurer, silence on cyber risks means they cannot be certain about what their ultimate exposures might be for a policy that includes a property within which there are connected computer systems running essential services that could be destroyed or severely disrupted by an attack. The risk for the insurer is that the coverage from property insurance policies is many times greater than those on cyber insurance policies.

Last year, we conducted an analysis of silent cyber risks with Aon, a leading global professional services firm that provides a broad range of risk, retirement, and health solutions.

Our study considered the scenario of a hypothetical attack by hackers on a U.S. hydroelectric dam, which could impact businesses and homeowners. The attack imagined how hackers opened the flood gates at a hydroelectric dam. If such a scenario were to occur it would be likely to cause significant downstream flood damages, resulting in silent cyber losses for insurers. Using computer models, the total insured losses of one dam being physically breached by a cyber attack were estimated at $10 billion. This is equivalent to the damage from the wind and sea surge associated with a hurricane.

Silent cyber is not a deliberate avoiding tactic by insurers, but its persistence does undermine the value proposition of insurers in helping customers have greater certainty about risks; and there could be repercussions from insurers selling products that are not relevant to customer needs.

The starting point for remedying silent cyber is to define cyber as a peril that like a severe storm or overflowing rivers can cause huge insured losses in the real worldPolicy contracts need to be rewritten to be either affirmative or negative on coverage for cyber-related damage. This is not an easy task given how the contract wordings can vary greatly, but this is an essential step and one that many insurers are now undertaking.

Ending silent cyber is not a trivial matter. Rewriting policies needs to be accompanied by the development and availability of cyber insurance products that take account of physical insured losses. These might be part of re-imagined property insurance policies or as standalone cyber policies.

Insurers also need new tools to identify and understand risks that are more difficult to predict than established perils from weather, flood or fire risks. Stress testing their property insurance portfolios against new cyber-driven scenarios that damage critical physical infrastructure needs to be done more regularly. In addition, understanding the potential physical impact of cyber risks enables an insurer to work with customers to mitigate these risks through encouraging greater business resiliency or involving reinsurance partners.

Ultimately the goal of insurers must be to build up a much broader market for insuring against cyber losses. Insurers do not just want the high-risk cyberattack targets to buy cyber insurance but for all types of businesses and individuals to be protected. In this way, the industry can create a market that is large enough to absorb the risks even from a serious, critical national infrastructure attack.

Continue Reading

Recent Posts