Cyber risk
A NEW AGE OF RISK
Tim Gardner, CEO of US operations, Guy Carpenter talks about the growing risk in the cybersphere and the challenges associated with generating a probabilistic and holistic model approach for this risk.
technology and the rising number of cyber attacks. As industrial control systems for critical infrastructure migrate to cyber, and as we become increasingly dependent on e-commerce and cloud computing, the susceptibility to cyber risk increases exponentially.
C
In its broadest form, cyber risk is synonymous with information technology (IT) risk. According to the ISACA Risk IT Framework Excerpt, 2009 it is “The business risk associated with the use, ownership, operation involvement,
Cyber attacks represent a present and growing danger that threatens
businesses irrespective of size and sector. Risk aggregation is another concern for businesses, insurers and reinsurers,
given the possibility of single attacks leading to losses across a large number losses from a vast number of insureds spread across different geographies as a result of a single event. A large systemic risk has not yet materialised, but this does not mean the risk is not present.
Physical losses are a growing concern, both in terms of severity and
frequency, given the interconnectedness of cyber space and the physical world. One example of this new category of risk can be seen in the way that industrial control systems operate in the energy sector. These new generation control systems expose the sector to a host of cyber security risks that are only just beginning to be understood. The current size of the cyber breach and privacy market is approximately $2 billion and is expected to
36 | INTELLIGENT INSURER | November 2015
yber risk is one of the most pressing public topics being addressed as a strategic priority in corporate boardrooms and in governments across the globe. The growing concern with cyber risk is driven by the increased global reliance on
efforts and post-event remediation are gaining importance, as shareholders, regulators and rating agencies are increasingly focused on enterprise risk management (ERM).
The potential catastrophic loss and the size of remediation costs following an industrial infrastructure event or a data breach have not been widely known to insurers. There is limited history, lack of data and emerging capital needs.
Cyber risk is already an embedded feature of the global risk landscape,
insurance lines. As such, insurance has the potential to greatly enhance cyber risk management and resilience for a wide range of organisations and individuals who are exposed to its impacts.
exposure can be managed within specialty, casualty and property reinsurance programmes. The insurance market has developed a dedicated product line to address the initial risks faced by companies, such as data breach and business interruption due to network failure.
Underwriters of traditional insurance businesses have also responded, in some cases, with the introduction of several endorsements to address disclosure liability policy. This has created a complex picture with a mix of implicit and explicit cover as well as a number of exclusions to contend with.
With this mix, ascertaining the true level of cover for any given cyber risk scenario can be a challenging exercise.
www.intelligentinsurer.com
SHUTTERSTOCK / GLEBSTOCK
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60