Tuesday, May 11 started out as an ordinary day for me.
Early in the day, I was following the latest news about the lingering effects of a ransomware attack on the Colonial Energy pipeline, which had happened a few days earlier.
For the last two decades, I have been writing about the concept of systemic risk. In particular, the potential of a cyber catastrophe has been top of mind for cyber underwriters and risk executives I’ve interviewed. The pipeline problem had me replaying some of the more frightening conversations.
Still, I didn’t really understand what it might feel like if a systemwide risk spread through cyberspace.
On a mid-day break, I sifted through my early morning emails to find one titled “The Really, Really Big One: The Likelihood of a 1-in-100-Year Cyber Catastrophe.” My Insurance Journal colleague, Elizabeth Blosfield, did a great job summing up the thoughts of experts about how insurers can minimize their potential footprint for systemic events through careful planning, licensing proper tools and proper execution.
And then Carrier Management colleague Mark Hollmer queried me and some other colleagues about a potential article investigating InsurTech risk mitigation efforts to curtail ransom attacks.
I started thinking about a deeper fundamental question that insurance industry investor Ian Gutterman and CFC Undewriting’s Chief Innovation Officer Graeme Newman debated in LinkedIn posts recently: Is Cyber Risk Insurable?
Well, of course it’s insurable. We’ve been insuring it for years, some specialty insurers are thinking.
“We can’t price cyber accurately and, if we can’t price it, we can’t insure it,” argues Gutterman.
Newman, for his part, defers to the early underwriters at Lloyd’s, ever willing to cover risks with limited data, and modern inventions to cover losses “discovered and notified” that limit insurers’ exposure to uncertain risks.
But then there’s that pipeline attack, “which shut down 5,500 miles of pipeline between Texas and New Jersey,…and many insurers are now realizing the significant risks inherent in this line of business,” according to AM Best.
“The escalation in ransomware attacks also has forced insurers to re-think globally, as evidenced by the decision of AXA Insurance in France to halt ransomware crime reimbursements,” Best’s analysts wrote in a May 11 commentary.
I started to bore a family member about the questions of insurability during that mid-day lunch break. Turns out, she wasn’t all that bored by the topic. At about 6:30 p.m. she emailed me a link to a CNBC video news item she saw on her smartphone: “Cyber risk problem ‘so big it’s not insurable,’ says Swiss RE CEO.”
Well, now, that’s odd. The email message with the video link is blank. All the messages in my inbox are blank or nearly blank. A few say, “Hi Susanne” at the top but then nothing.
Had there been a virus in the email?
I ran a full scan on my machine. No problems.
I tried the easy fix: shut down and restart. Emails still blank.
Next step: A Google search on “blank emails in Outlook.” Oh boy. Those fixes look too complicated.
It was time to contact IT—via text chat, not email, since messages I send are now invisible, too.
Shoutout to Jason Chipp of the Wells Media web team! We spent an hour trying quick fixes and then more complex ones, finally deciding to do some more research before the dreaded uninstall and reinstall we scheduled for the next day.
Before shutting down my computer for the evening, I tried one last Google search. Two news items suddenly surfaced that I hadn’t noticed earlier: “Microsoft Outlook Hit By Worldwide ‘Email Visibility Issues‘” in an Australian technology publication, and “Microsoft Outlook Bug Prevents Viewing or Creating Email Worldwide,” in a publication called BleepingComputer.
The second one, introduced me to @MSFT365Status on Twitter where “The official @Microsoft account for updates on certain @Microsoft365 service incidents” officially confirms the news that an update released during the day introduced bugs that prevented users from creating or viewing mail.
We’re investigating an issue with email message visibility in Outlook. Outlook on the web appears to be unaffected. More details can be found under EX255650 in the admin center.
— Microsoft 365 Status (@MSFT365Status) May 11, 2021
Users from Spain to North Carolina and from Ohio to Costa Rica had plenty of frustration to share in Twitter comments and reports on DownDetector.com. Among them were this comment and reply.
Wish I saw this before I spent the last 40 mins doing everything in Gods name to the damn program.
Exactly – maybe MS could have sent out a notice by email. Hahahahahaha
For me and Jason, it was a minor headache and an hour of lost productivity. But now that I think of it, that “Hahahahahaha” Tweet isn’t all that funny. Suppose this wasn’t a minor interruption in the virtual world caused by a technology glitch but a worldwide cyber attack across critical infrastructure and information systems. And what if all our emails and Tweets went blank at the same time.
“Only a tiny minority of cyber risk is actually insured. And I would actually argue that the problem is so big, it’s not insurable…There are events that can happen at the same time everywhere that are much more worrying than what you saw now,” Swiss Re CEO Christian Mumenthaler said on the video clip when I finally was able to view it.
Is cyber risk insurable? I’m starting to have my doubts too.