The head of the largest Lloyd’s of London insurer, Stephen Catlin has said that cyber attacks are now so dangerous to global businesses that governments should step in to cover the risks.
The Financial Times (FT) reports that Catlin, whose comments come a day after US health insurer Anthem was the latest company to be targeted by hackers, said that cyber security presented the biggest, most systemic risk he has come across in all of the 42-years he has worked in insurance.
Anthem, which is the second-biggest health insurer in the US providing cover to over 40m people, said hackers broke into a database and stole personal information about customers and employees, including income details and social security numbers, in what was called a “very sophisticated” attack.
Speaking at the Insider London Conference yesterday, the founder of insurance underwriting company Catlin, argued that insurers’ balance sheets are not large enough to pay for cyber risks and that managing such liabilities is the governments job. According to the FT, Catlin’s comments come at a time when some insurers are harbouring reservations about underwriting cyber security risks, despite the belief from some executives that the increasing number of electronic invasions presents an opportunity for the insurance industry to sell more cover.
Many insurers offer cyber policies which help companies to meet the costs of forensic investigations and lawsuits if they are attacked, however, there are restrictions on the amount of cover and price of premiums by the industry.
Many insurers are have pointed out that traditional risks such as natural catastrophes are more contained than cyber attacks which are hard to model and unusually systemic. “It’s possible that you can have the same loss happening around the globe,” said Catlin.
Government schemes such as the Terrorism Risk Insurance programme in the US and Pool Re in the UK currently provide terrorism cover, but Catlin claimed cyber security provided a bigger threat than terrorism.
“With the threat landscape continuing to evolve at such a rapid pace, this news is hardly a surprise,” said Rob Lay, Solutions Architect for Enterprise and Cyber Security, UK & Ireland for Fujitsu. “Last year we saw several high-profile attacks highlighting the development of security threats and as such, businesses should not rely on insurance as a way of protecting themselves from an attack, whilst insurance may help mitigate some of the financial impact of a security incident or breach, the reputational impact, and the impact to the business operation cannot be mitigated with insurance in the same way.”
Lay said that instead of relying on insurance, “Organisations need to be smart with their approach and consider the people, process and technology elements when it comes to responding to the threats they face. By taking this risk based approach, businesses can ensure that they are dealing with the largest and most dangerous issues first.”