CDR (ret.) Eyal Pinko, Ph.D.
Cyberattacks will soon be "uninsurable," according to the Zurich Chief.
As the disruption from hacks continues to increase, the chief executive of one of Europe's largest insurance companies has warned that cyber-attacks, rather than natural catastrophes, will become "uninsurable."
The ability of the insurance industry to provide coverage is being tested by systemic risks like pandemics and climate change, about which insurance executives have become more vocal in recent years. As a result, natural disaster-related claims are anticipated to surpass $100 billion (€113.5 billion) for the second consecutive year.
However, Mario Greco, CEO of the insurer Zurich, told the Financial Times that the risk to be looking for was cyber.
Cyberspace "will become uninsurable," he predicted. What would happen if someone took over key components of our infrastructure? What would that mean?
Executives in the industry are becoming more concerned about this growing risk due to recent attacks that have disrupted hospitals, shut down pipelines, and hit government agencies. In May 2021, a cyberattack targeted the HSE in Ireland.
Greco continued: "First off, there must be a perception that this is not just data... this is about civilization. Focusing on the privacy risk to individuals was missing the bigger picture. These people could severely disrupt our lives.
The sector's underwriters have taken emergency measures to reduce their exposure due to recent spiraling cyber losses. Some insurers have reacted by raising prices as well as changing their policies to allow customers to keep more losses.
Certain types of attacks are exempt from certain policies. As a result of the NotPetya attack, Zurich initially rejected a $100 million claim from food company Mondelez in 2019 because the policy did not cover "warlike action." Later, an agreement was reached between the parties.
In order to defend a move to reduce systemic risk from cyberattacks, Lloyd's of London asked that insurance contracts written in the market include an exemption for attacks that the government supports.
At the time, a senior Lloyd's executive argued that the action was "responsible" and better than waiting until "after everything has gone wrong." However, cyber experts have cautioned that rising prices and wider exceptions could deter people from purchasing any protection due to the difficulty in identifying those responsible for attacks and their affiliations.
Greco stated that there is a limit to how much of the losses caused by cyberattacks the private sector can bear. "Set up private-public schemes to handle systemic cyber risks that cannot be quantified, similar to those that exist in some jurisdictions for earthquakes or terror attacks," he urged governments to do.
The US government requested opinions in September regarding the need for a federal insurance response to cyber threats, which could be included in or separate from its current public-private insurance program for terrorist acts.