The rather gloomy reading provided by the World Economic Forum’s (WEF) 2019 Global Risks Report highlights the growing threat of cyber-attacks. In terms of both likelihood and impact, cyber-attacks remain firmly in the top 10 of the WEF’s risks for 2019.
The Report draws on the WEF’s annual Global Risk Perception Study, which observes that over 80% of respondents believe that cyber-attacks of some sort will increase during 2019.
Click here to read the WEF Report.
Across so many aspects of our daily lives, we all experience the creeping domination of technology that often brings great benefits, but also can bring great risks. Whether this is a gradual move to a cashless society, the steady automation of our manufacturing processes or the use of computing to manage our power networks, the advance of technology in our increasingly globalised world continues apace.
In the 2019 risk barometer report produced by Allianz, the global insurer, business interruption and cyber threats were listed first and second in the risk ranking. The potential for damage is perceived to lie in interruption to complex automated and interdependent supply chains, which have become essential to so many larger enterprises.
To compound the gloomy outlook, a January 2019 report from CyRim (Cyber Risk Management) calculates that the economic cost of a concerted global cyber-attack could range between $85 billion and $193 billion.
Possible Financial Exposure
Despite such a high awareness of cyber-risk, there is frequently less understanding of what financial exposure it presents at an individual company level.
In 2018, the insurance broker Marsh commissioned research into the energy sector, which revealed that over half of respondents had not calculated or were completely unaware of their worst possible exposure to cyber risk. Further, over 75% of respondents cited business interruption as the principle likely impact, again highlighting supply chain vulnerabilities as an issue.
Allianz estimates that the average cyber-attack claim now costs €2m, exceeding the average fire/property claim of €1.5m. However, this average hides extremes – for example, in 2017 a four hour IT outage at an Amazon cloud computing division collectively cost affected businesses over $150 million.
This contrast, between awareness and quantification of cyber exposure, is paralleled in the insurance market. Insurers are aware of the growing exposure they face from cyber-claims, whether through physical damage resulting from malicious interference in system controls, business interruption resulting from supply chain breakdown or other liabilities arising from litigation following a data breach, cyber fraud or information theft.
The wide scope of possible losses, to so many different types of insurance policies, has worried insurers, who find it easy to contemplate a significant single cyber-attack involving many businesses across multiple countries, creating a truly catastrophic market loss. This complex potential for loss, coupled with the ever-changing technological environment, has led insurers to impose policy exclusions or cyber exposure sub-limits as an initial response. Moreover, with the actual incidence of claims still quite low, insurers are still analysing the multifaceted nature of cyber events in an attempt to develop appropriate underwriting models that quantify exposure and thus risk pricing.
It is apparent that awareness of the potential material disruption from cyber-attacks is driving the institutionalisation of cyber risk management in businesses globally. Meanwhile, insurers are working hard to understand the likely exposure and to develop innovative new products to help mitigate this headline exposure for their clients.
In future blogs we will continue to explore the state of the cyber insurance market, and specifically the extent to which insurance can mitigate cyber-risks in the energy and power sectors.
About the Author
Mark Tetley has wide experience gained from senior positions across the London insurance market as both an underwriter and a broker , in a variety of sectors. He provides advice and assistance on a wide range of insurance and risk issues, including comprehensive nuclear liability and property insurance assistance, complex infrastructure project programme design and review, claims and policy reviews, assistance with project insurance design and implementation in developing countries, and many other aspects of risk mitigation.
Prospect Law is a multi-disciplinary practice with specialist expertise in the energy and environmental sectors with particular experience in the low carbon energy sector. The firm is made up of lawyers, engineers, surveyors and finance experts.
This article remains the copyright property of Prospect Law Ltd and Prospect Advisory Ltd and neither the article nor any part of it may be published or copied without the prior written permission of the directors of Prospect Law and Prospect Advisory.
This article is not intended to constitute legal or other professional advice and it should not be relied on in any way.
For more information or assistance with a particular query, please in the first instance contact Adam Mikula on 020 7947 5354 or by email on [email protected].