How can insurers and society combat ransomware? Chubb Chairman and CEO Evan Greenberg is doubling down against outlawing ransomware payments to address the issue. He appears to make an exception, however, for cryptocurrency payments.
“While I don’t think the government should outlaw ransomware payments at this time, I do think we ought to be looking at whether we allow crypto payments. Because who are you paying, terrorists?” Greenberg said during the company’s July 28 Q2 2021 earnings call.
By Greenberg’s argument, victims should be obligated under current anti-money-laundering laws to get permission from the U.S. Department of the Treasury to make a ransomware payment.
“We should be removing the incentive out of the system for ransomware attacks, which are all about money for the most part, and unmask what is the intention to disrupt our country politically – unmask that part of it and show it,” Greenberg said.
As well, he advocates private and public-sector partnerships to address the growing problem.
“There are all kinds of things that the private sector and public sector could be doing together,” Greenberg said. “Sharing of information is one of them right now, and understanding where systemic risk aggregations are is another…It is more than about achieving rate in cyber today.”
Greenberg’s comments come as the onslaught of ransomware attacks is forcing some cyber insurers to reassess their business, with massive rate hikes, scaled-back coverage and more on the table. On the rate hike front, cyber pricing in the U.S. jumped 56 percent in the 2021 second quarter alone, and 68 percent in June, according to a recent Marsh report. Ransomware claims frequency and severity seem to be the cause.
Under that context, Greenberg noted that the pricing environment for cyber “is pretty good,” but it fails to address the fundamental issue about cyber “that the industry has to wrestle” and Chubb is starting to address. Part of the problem, he said, is cyber and pandemic cover are very similar.
“Like pandemic, cyber has a catastrophe profile, and the nature of cat potentially is that it has no time nor geographic boundary to it,” Greenberg said, evoking an argument he has made before. “You take the growing digital interconnection of the world today in everything – personal and business, and that potential for catastrophe – the concentrations for exposure are only growing.”
Greenberg observed that risk is apparent in all the cyber attacks we’ve seen, both malicious cyber attacks from nation-states and non-nation-state actors, to either disrupt society or just to make money. Managing that is complex, he noted.
“You have a frequency of loss on one hand, and rate and some adjustment to coverage can manage that. On the other side of the coin, you have a systemic nature of this,” Greenberg said. “I can tell you in the way Chubb underwrites, we are facing it and we are beginning to address it…in underwriting.”
Greenberg said there are also “real public policy questions” regarding cybersecurity, and “we are involved in raising our voice in the public policy arena.”