Need for more awareness in neglected cyber sector

Cyber risks are insufficiently researched even though their respective protection shortfalls are more dramatic than for natural catastrophe risk. That was just one of the findings from a new study undertaken by The Geneva Association called Understanding and Addressing Global Insurance Protection Gaps. The report found the cyber protection gap is estimated at 90%, and represents some 0.5% of the world’s gross domestic product (GDP). In contrast, the natural catastrophe protection gap represents about 0.2% of global GDP. Insurance protection gaps – the share of uninsured losses in total losses – are common with many underinsured sectors. However, factors such as lack of research and data, affordability and limited awareness and disclosure by companies contribute to this shortfall. “Cyber is a new topic and many areas need to be understood better,” said Maya Bundt, head of Cyber & Digital Solutions at Swiss Re. “Therefore, we support that request for more research,” she said. “The challenge is twofold when compared to natural catastrophe risks; in cyber there’s little historical data, as this is a new threat, and secondly, the threat is continually changing,” said Gareth Wharton, chief executive of Hiscox Cyber, talking to Reactions. “If you talked about cyber risk five years ago, no one would have mentioned ransomware, and this year we are already seeing attackers moving away from ransomware to cryptojacking,” he added. Other officials are also calling for industry officials to sink their teeth into cyber risks research. Kai-Uwe Schanz, special advisor to the Geneva Association, told Reactions that “industry stakeholders, including scientists, need to get their arms around more fundamental challenges such as the insurability of cyber risk”. “As far as protection gaps where cyber risk are concerned, we need more quantitative specific risk scenarios which allow us to compare losses to society with insured losses. Public-private partnerships may be a means of stimulating the cyber insurance market. Some lessons can be adopted from terrorism risk, an exposure considered uninsurable by the private insurance industry on a stand-alone basis,” he added. More aware Schanz also stressed that lack of awareness of specific risk exposures facing organisations needs to be addressed first and foremost. However, others say it is too soon to know whether cyber risks will be of equal scale to natural catastrophes, and that historical data is not a good indicator of future risks in this rapidly evolving threat landscape. Insurers are struggling with modelling cyber risks and grasping how frequent these incidents are, how large their costs are, and how to mitigate them, said Josephine Wolff, assistant professor at the Rochester Institute of Technology. Lack of research and awareness in the cyber insurance sector is surprising considering the highly publicised cyber-attacks of late. In April, the UK and US accused Russia of launching cyber attacks on government firewalls, networking equipment and computer routers, to advance spying and intellectual property theft. Reuters reported that the accusations came after western governments accused Moscow of undertaking cyber attacks. Russia responded and called the accusations “examples of a reckless, provocative and unfounded policy”. Analysts have estimated the annual global economic cost of cyber incidents at $400bn, some 0.5% of global GDP and almost...

Blurred image of Reactions article content
Blurred image of Reactions article related content