Cyber risk insured losses reached $400 million in aggregate across three events in 2017, the largest annual level yet tracked by the Property Claims Services Unit of Verisk Insurance Solutions.
“With more than $400 million in aggregate across three events, 2017 became the most active year for cyber risk losses in market history,” PCS said in its Global Risk Loss report for 2017.
Insurance industry response to the growing number of cyber threats helps to partially explain the increase in large losses, PCS explained. For example, cyber loss programs are in place today with $500 million in protection or more. That’s up from average policy limits of around $100 million in 2013 and 2014, according to the report.
Even with greater cyber coverage, economic losses are still exceeding those expanded limits.
PCS points out that Equifax and Merck are dealing with large economic-related cyber losses from 2017 estimated to surpass $1 billion. Also, some companies affected by 2017’s major cyber events still don’t have cyber coverages.
Two examples of companies that lacked cyber insurance when they were struck: Maersk and FedEx, both of which were hit with large economic losses from Petya/NotPetya in mid-2017 but lacked cyber protection. Maersk, a Danish shipping company, dealt with a huge backlog after being forced to shut down its online ordering system after the Petya malware affected its machines. FedEx’s TNT unit, a Dutch shipping company, faced a massive blow to its information systems from the same attack, which left it with major service and invoicing delays.
PCS’s Global Cyber service has identified nine cyber risk loss events with insured loss estimates of at least $20 million since monitoring began in 2013, the company said. PCS Global Cyber reports only single-risk losses worldwide, but the company said it plans to expand the platform into cyber catastrophe events at some point.
Executives increasingly see cybersecurity as a risk management priority, but some disconnects remain between identifying the need and taking action. About 56 percent ranked cybersecurity as a top five risk management priority, but just 30 percent said they’ve developed a plan to respond to a cyber event, according to a recent Marsh/Microsoft survey of more than 1,300 executives looking at cyber risk concerns and management strategies. Just 19 percent said they were highly confident their company could manage and respond to a cyber event.
PCS’s report also covered the Global Marine and Energy and Global Terror specialty lines sectors.
Source: PCS/Verisk Insurance Solutions.