Every component of the world’s public and private infrastructure is subject to the risk of a cyber attack. Companies today face loss of or damage to digital assets; theft of funds; security and privacy breaches and associated liabilities; and nonphysical business interruption.
Executive SummaryTrophy targets such as credit card acquirers and cloud providers—and even commonly used software applications—expose insurers to the prospect of covering cyber events with effects that are the equivalent to Hurricane Andrew in the property world, according to AIR Worldwide scientists.
For companies that offer cyber insurance, managing the risk is a complex undertaking. One primary challenge is the sparsity of historical loss data that can be used to estimate the frequency and severity of potential attacks. Furthermore, risk managers need to account for scenarios that are unprecedented in their severity—or the cyber equivalent of Hurricane Andrew, an event that incurred insured losses that were unimaginable to most insurers before the storm struck in 1992. A few potential “Cyber Andrew” scenarios will be explored in this article, including an attack on a power grid, an attack on a major cloud service provider, a compromised system software attack and an attack on one of the major credit card providers.