9 February 2023Analysis

WCF: Cyber crime could become uninsurable

The threat from cyber criminals is continuing to evolve – and cyber crime could become uninsurable, attendees heard at the recent World Captive Forum.

At a presentation at the conference, recorded by Business Insurance, entitled ‘Secrets cyber criminals don’t want the insurance industry to know’, Dioly Alexandre, chief executive of cyber warfare defence and compliance management company BlackShield Cyber, warned that pricing cyber risks was difficult as unlike other areas of insurance there aren’t the long-term records of back-end actuarial data that areas like workers' compensation, automotive or other industries have.

“The cost of individual events and the resulting fallout of those events are rising and expanding astronomically,” warned Alexandre. “For example workers comp if somebody falls and breaks their leg. We can put a cost of that. We know that'll be between $10,000 and $75,000, but it's contained to that incident.

“Now imagine if when somebody fell and broke their leg, there was also a 50% chance that the entire factory might spontaneously combust. That's basically the problem with cyber incidents. They don't stay in one particular area. If a server gets breached, that's not the end of it. If a network gets broken down that's not the end of it. So, the accuracy of determining where risk will even happen and carry itself out is much more expanded.

“And because of that even the largest reinsurers such as Lloyds of London's and several others are considering completely stepping away from this and some industry experts are talking about the fact that cyber as a whole might not even be insurable.”
He also said that many of the commonly-held assumptions about cyber crime are now wrong.

Alexandre pointed out that the old trope about hackers being based in a room in their parents house was badly out of date and that hackers are now far better organised and in some cases state-funded. In addition, in some cases their primary target is now profit whilst others have a more political motivation in disrupting companies and causing chaos.
As a result he stressed that insurers, including captive owners, need to re-evaluate the multiple threats that cyber crime now poses to them and assess their approach to insuring their assets appropriately.