Business interruption cyber risks demand more attention from insurers as globalization continues to worsen their impact, a panel of experts argued recently.
BI coverage has drawn heightened attention in recent months due to the coronavirus pandemic and its ongoing disruption of commerce around the world. Cyber risks have created potentially catastrophic risks for far longer, however, and technology’s advance continues to worsen their potential for global economic harm, the ITC Global panel said during a virtual discussion on Oct. 20. ITC Global is this year’s InsureTech Connect annual meeting.
“Business interruption has been becoming an important issue for years and years and years,” said panel moderator Michael Millette, managing partner of Hudson Structured Capital Management.
Panelist Michael Tanenbaum, EVP Financial Lines for Chubb, said that business interruption involving cyber risks came to the forefront a few years ago, with the international WannaCry ransomware attack and the global NotPetya malware attack, which has been considered the most devastating cyber attack in history. At that point, he said, people started to understand the impact of Internet of Things connectivity, and the global financial risks of it breaking down. It will be even worse, he said, by 2025, when “there should be over 50 billion IoT-connected” entities on the web. Making it even more intense will be the 5G improvements expected to boost connectivity even further, an advance that provides both economic opportunity and intense risk.
The 5G improvements offer “extreme advantage from a technology perspective, but with that comes inherent risk from a business interruption perspective,” Tanenbaum said. With that in mind, he suggested that company boards are actively “asking risk management departments where they are with regards to cyber hygiene from a business interruption loss perspective.”
Scratching the Surface, Meeting the Threat
Pascal Millaire, the CEO of CyberCube, said that the insurance industry has a long way to go to meet cyber coverage business interruption needs.
“I think today we’re only scratching the surface when it comes to the need for business interruption cover in the cyber space,” he said, agreeing that the Internet of Things will push the issue to a crisis point.
“It will unlock over $10 trillion in new economic activity globally, [and] many of those devices will work well. Many will not,” Millaire said. “When they fail, it will not be unreasonable to expect” significant losses.
Tanenbaum said that insurance coverage can address this, adding services such as call centers, threat notifications, surge protection, IT restoration, and legal services that help clients counter a threat quickly and mitigate long-term damages.
Insurers, in turn, need to be able to facilitate hundreds of claims at the same time when business interruption-related cyber attacks strike. Additionally, Tanenbaum recommended developing ways that help clients stay afloat through backup vendors that can maintain Internet bandwidth, and prepping clients with “resilience” tabletop exercises that amount to cyber attack fire drills.
Millaire said cyber losses are worsening their business interruption-related damage. He noted data released by UK regulatory authorities in 2019, for example, that ranked enterprise-related cyber losses in the country as higher than flood, Japan earthquakes, and most other catastrophes other than California earthquake and Atlantic hurricane-related losses.
Millette closed the discussion with a warning.
“With increasing interconnectedness … the cost of a failed connection is higher and higher,” he said. “Cyber risks whether reflected through breakdowns in the cloud [or] web have a chance to disrupt all of our lives [in ways] they didn’t have 40 years ago.”