Cyber-attacks raise cyber risk awareness in 2017

A number of cyber-attacks have helped raising the awareness of cyber risks in 2017, according to executives interviewed by Intelligent Insurer for our year-end questionnaire.

Recent events like Dyn and MongoDB (in 2016), as well as major attacks like Wannacry and Petya/NotPetya have made the insurance community recognize that cyber security (and cyber insurance underwriting) is a topic that must not be ignored, said Samit Shah, insurance solutions manager at security ratings provider BitSight.

Ransomware worm ‘WannaCry’ hit 150 countries and caused damage across the globe over the weekend of May 13-15, 2017, affecting the UK's health service NHS, Spanish telecommunications firm Telefonica and FedEx among others, and also stopping car factories, hospitals, shops and schools.

WannaCry was followed by Petya on June 27, when some of the world’s largest companies including WPP, Rosneft, Merck and AP Moller-Maersk have been hit by a large-scale cyber attack that also took critical government and bank infrastructure in Ukraine offline.

Hackers shut down access to computers and displayed a message demanding a $300 ransom from users, payable in bitcoins.

“The topic of risk aggregation and accumulation achieved much higher visibility in 2017,” Shah said.

At nearly every major industry conference, including Advisen, NetDil, and PLUS, multiple panel discussions or keynote speakers discussed such incidents and the future of cyber insurance underwriting, Shah noted. Furthermore, reputable industry publications are increasing their coverage of the economic and insurable losses associated with cyber risk.

Luzi Hitz, CEO, PERILS agreed: “In my view, 2017 might go down as the year in which cyber established itself as a major line of business. It is interesting to see how different companies approach this new risk. Some see it more as a threat because it is a risk which is hard to measure and managing potential accumulation issues is extremely challenging. Others see it as an opportunity to grow and innovate,” Hitz said.

Although historical data for cyber events is growing, cyber risk remains a difficult one to measure and predict. Therefore, some insurers are being more cautious while others are seeing cyber as an opportunity to grow.

“Nobody knows who the eventual winners will be; but it could be that fortune will favour the brave - as long as the brave behave intelligently and are not guided by volume targets only,” Hitz said.

This is just a snapshot of what executives told us in our Christmas questionnaire. For the full comments from all 16 executives that took part in our survey, please click here.