Major Insurers Urge State Support To Secure Cyber Risk

Comparing the severity of cyber attacks to terrorism and flooding, the pair say some cyber incidents are ‘uninsurable’
Exemplified by the CrowdStrike IT outage, major insurers Marsh McLennan and Zurich are now urging state support for ‘uninsurable’ cyber risks

In an unprecedented statement from the insurance industry, titans of the sector Marsh McLennan and Zurich Insurance Group have released a whitepaper that says government support is needed to secure cyber risk.

“The severe threat presented by cyber risks requires collective action to bridge the protection gap,” says John Doyle, President & Chief Executive Officer at Marsh McLennan.

John Doyle is President & Chief Executive Officer at Marsh McLennan

Comparing the severity of some cyber attacks to terrorism and flooding, the pair say that some of the risks present from cyber incidents are ‘uninsurable’, and are outpacing the ability of traditional insurance and risk management approaches to fully mitigate them. 

Titled "Closing the cyber risk protection gap", the paper proposes a number of steps to address including creating public-private partnerships to share losses from currently “uninsurable” events.

The cost of cyber incidents

The global IT outage caused by a faulty update from cybersecurity firm CrowdStrike in July 2024 serves as a stark reminder of the far-reaching consequences of cyber incidents. 

The outage affected hundreds of businesses and essential services across multiple countries, including the UK's National Health Service, American Airlines, and even the organising committee for the Paris Olympics.

This incident highlights the interconnected nature of modern digital systems and the potential for cascading failures. 

Insuring cyber events is therefore a challenging field for insurers. The potential for widespread, cascading impacts makes it difficult to quantify and limit the risk exposure. 

Youtube Placeholder

This sentiment is echoed by none other than Warren Buffett, who earlier this year advised Berkshire Hathaway's insurance agents to only sell cyber policies if absolutely necessary.

"That aggregation potential can be huge, and not being able to have a worst-case gap on it is what scares us," Ajit Jain of Berkshire Hathaway further explained.

This fear of uncapped liability is a significant factor driving the need for public-private partnerships in the cyber insurance space.

Examining the cyber Insurance market

Despite these challenges, the cyber insurance market continues to grow. London-based insurer Beazley currently leads the global market with a 6.68% share and estimated gross written premiums of £827m (US$1.08bn) for 2023. The cyber insurance market as a whole took in about US$14bn in premiums last year.

However, the market remains fragmented, with the top five insurers accounting for just under 30% of the global market.

Given the scale of the challenge, Marsh McLennan and Zurich are calling for innovative solutions and greater public sector involvement. 

“As insurers, we can offer some degree of protection, but we must acknowledge that large-scale, catastrophic cyber events present substantial accumulation risks that cannot be borne by the private sector alone,” says Mario Greco, Group Chief Executive Officer at Zurich Insurance.

Mario Greco is Group Chief Executive Officer at Zurich Insurance

The whitepaper suggests establishing a common framework for data sharing, greater collaboration, and innovation between the insurance industry and public sector. 

Alongside private-public partnerships to share unquantifiable losses, it suggested robust incentives as an alternative to further regulation and methods to measure quantifiable catastrophic cyber risk.

A joint approach to a global challenge

As the cyber threat landscape continues to evolve with things like digital transformation and Gen AI integration, insurers believe so must the approaches to managing and insuring against these risks. 

The call for public-private partnerships represents a recognition that traditional insurance models may not be sufficient to address the unique challenges posed by cyber risks now and in the near future.

President Biden’s administration has recognised the threat cyber attacks pose on key infrastructure, and has issued orders to secure them, although the report highlights how big losses often occur from attacks on that very area. 

Whether the path forward will be one of collaboration and a shared commitment to cybersecurity from both the public and private sectors remains to be seen, yet what is obvious is the challenge ahead. 

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand

Share

Featured Articles

Why the UK is Listing Data Centres as Critical Cyber Assets

Being Western Europe's leader in number of Data Centres, the UK has decided to take steps to ensure they receive adequate protection from cyber threats

Trustwave Reveals the Financial Sector's Cyber Threats

Although it's not new to think that financial services organisations are prime targets for cybercriminals, the threat landscape they find themselves in is

TCS and Google Cloud Join for Solution to Secure the Cloud

TCS partners with Google Cloud to launch a range of AI-powered cybersecurity solutions to help businesses secure their clouds against advanced threats

Cybersecurity Conglomerate Reveals Threats Facing Consumers

Cyber Security

Decoding the US' Most Misunderstood Data Security Terms

Cyber Security

Orange Cyberdefense's Wicus Ross Talks Cyber Extortion Trend

Hacking & Malware