Global Insurers Worry About Cyber Crime Exposure


By Leo Lewis in Tokyo & Don Weinland, Hong Kong




Loosely written policies and the relentless growth of digital crime and cyber-disasters mean insurers could already be covering significant volumes of cyber risk without realizing it, according to senior industry figures.

The warning, from a top executive at one of Japan’s “big three” non-life insurers, is echoed worldwide by others across the industry and reflects fears that years of punishing competition in the property and casualty market have produced an unknown – but potentially huge – vulnerability.

In response to soft business conditions, said Nigel Frudd, the chief strategy officer at Sompo International, insurers have relaxed the wordings on their policies, offering clients greater coverage without taking additional premiums.

Insurers are now worried that the relaxed terms could be interpreted to cover Internet attacks, such as the loss of data, or data held for ransom by hackers. Insurers’ exposure could be vast – about 80 percent of large companies suffer a cyber breach every year, estimates for the total annual damage from cybercrime to the global economy range upwards of $400bn.

“Probably a lot of companies have written cyber risk within their existing terms and conditions without knowing it,” he said. AP Moller-Maersk, WPP, Reckitt Benckiser and FedEx stated that they were struggling to restore normal operations after the ransomware attack last week compromised hundreds of thousands of computers, industrial equipment, and other technology.

The industry is meanwhile awaiting definitive legal tests of how much cyber coverage has been inadvertently written. One illustration of the problem, say, Sompo executives, would be where an insurer had sold coverage on materials stored in a warehouse whose control systems were connected to the internet and suffered an attack that resulted in a fire.

A potentially wide range of tests could emerge from WannaCry, a virulent strain of ransomware that has infected computers in more than 150 countries. Executives at global insurance groups expect a wave of cases connected to the cyber attack to test kidnap, ransom and extortion policies, most of which were not written to cover Internet attacks.

A handful of early decisions from courts in the US has sent mixed signals to insurers. In one case, Travelers Indemnity, an insurance company, asked a federal court in 2014 to rule that a general liability policy it sold to PF Chang did not cover a breach of customer data at the US Chinese restaurant chain.

It won that case but lost another similar suit. In response to this uncertainty – and a signal that some have now acknowledged how exposed they may be, many companies are responding to the problem and have started to write exclusion clauses into policies noting that cyber attacks and other related risks are not covered.

“One of the key issues for businesses today is the gaps in traditional insurance cover that can leave companies exposed to the impact of cyber threats. There’s an urgent need for insurers to properly redefine terms of cover to meet the rapidly changing cyber threat environment,” said Jason Kelly, AIG’s head of liabilities and financial lines for greater China and Australasia.

Cyber insurance, which first emerged two decades ago, is a $2bn-plus market and forecast by insurance credit ratings and information service AM Best to expand to $7.5bn by 2020. Having grown globally at 20-25 percent annually over the past three years, cyber insurance has been embraced by an industry ravenous for sources of growth.

Despite that eagerness cyber insurance remains, say Sompo and others, under-developed as a market. Insurers have 100 years of data on automobile accidents, and more than that on many crimes, say experts on cyber security, but most incidents go unreported, and insurers lack data on the likelihood of a breach.

Growth may also be limited by questions including whether attacks that are proven to emanate from government-sponsored hackers count as acts of war and are therefore exempt from many policies.

Bryce Boland, chief technology officer for Apac at the cyber security group FireEye said that the insurance industry, along with the rest of the business world, was seeing the results of a global cyber arms race in which dozens of countries have the ability to carry out advanced cyber attacks.

“Cyber insurance policies often include exclusions for incidents that are acts of war. This makes the attribution of cyber attacks extremely critical. Who decides who is behind these attacks?” said Mr Boland.



Published on Jul 09,2017 [ Vol 18 ,No 898]


SHARE :
               


Editorial

The honeymoon appears to have come to an end. Members of the public are...


Agenda

The rapprochement between Ethiopia and  Eritrea has led to the signing...


Fineline

The Revolutionary Democrats concluded their council...


Commentary

The National Bank of Ethiopia needs to take measures to improve the red...


Viewpoint

I love and respect Prime Minister Abiy Ahmed (PhD). I want him to succ...


Opinion

Back in the middle of June, when all the jubilation and hope was in ful...


View From Arada

The rallies of the past weeks are healthy manifestations of citizens’...


Editors Pick
















MEMBERS' LOGIN


ADVERTISEMENT

ADVERTISEMENT

ADVERTISEMENT

 

SUBSCRIBE TO ADDISFORTUNE


//