Cyber Insurance Still infant or grown up? - Dr. Jürgen Reinhart March 2021
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Image: cosmin4000-GettyImages Cyber Insurance Still infant or grown up? Dr. Jürgen Reinhart March 2021
Questions about cyber we want to answer today
1. Cyber Risk – what is it?
2. What does this mean for insurance?
3. What keeps a Chief Underwriter awake at night?
4. Why are actuaries concerned with this?
Cyber insurance – still infant or grown-up? 13 March, 2021 2
1 Cyber Risk – what is it?
What does it mean “Cyber”?
The term “Cyber” is a prefix used to In the insurance industry the term
describe a person, thing, or idea as “Cyber” is used for all risks which arise
part of the computer and information out of or stem from the usage of
age. Taken from kybernetes, Greek computer systems, hardware, software,
for “steersman” or “governor” data, the internet, networks and any
Currently, the adjective “cyber” relates to other components of any information
or characterizes the interconnectivity and technology (IT) and Operational
culture of computers, information Technology (OT)
technology, and virtual reality
(‘the cyber age’)
13 March, 2021 4
Digital revolution bears a hyper-connected world
2030
Biometrics 125bn
Artificial
Intelligence
5G
Virtual
2017 Assistants
Robotics
Big Data
Digital
27bn Man-Machine
Smart
Cities
Ecosystems
Cloud Collaboration
Smart
Computing
Data
13 March 2021 5
Operational Technologies
Operational technology (OT) is hardware and software that detects or causes a change, through
the direct monitoring and/or control of industrial equipment, assets, processes and events.
Cyber insurance – still infant or grown-up?
6 13 March, 2021
Home Office
Cyber insurance – still infant or grown-up? 13 March, 2021 7
Evolution and exponential growth in cyber incidents
Major cyber incidents 2016 Exemplary selection
Yahoo
2007 2011 2013 (500m records)
DDoS on Estonian Sony PSN Yahoo! 2015 2017
govt. sites data breach (3bn records) Anthem WannaCry
2014 (80m records)
Sony Picture 2017
2010
hack NotPetya
Stuxnet
2018
Google+ (52m records)
2018
Marriott
(500m records)
2005 2018
2020
British Airways
(500k records)
2018
2018Twitter (330m records)
Facebook (90m records)
2011 2017
RSA SecurID infiltration Uber (57m records)
2014 2015
Ebay US federal1 2016
2009
2012 (145m records) (21m records) LinkedIn (112m records)
DDoS attack on govt./financial
websites in South Korea Dropbox
(68m records) 2016
Bank of Bangladesh attack
(estimated $81m stolen)
1 Sensitive personnel data stolen from US govt. employees gone through security clearance background checks 13 March 2021 8
Top 10 Global Business Risks 2021
Allianz Risk Barometer
Cyber insurance – still infant or grown-up? 13 March, 2021 9
Evolving threat landscape and cybercrime perspective
Munich Re global cyber risk and
insurance survey
Estimates of global cybercrime costs differ with cybersecurity ventures being
at the upper end assuming these costs to reach $10.5tn p.a. by 2025!
81% of global respondents
In 2021 the number will be around $6tn up from $3tn in 2015 (5.507) believe in an increase
of cyber crime
Fraud, Data Breaches and
Attacks and payloads will get even more sophisticated and targeted wherever
an extra effort seems promising
Ransomware Top 3 concerns of C-
Level respondents
30% of global C-Level respondents
Just one example: Spear phishing is a rather high and manual investment. are “extremely concerned” about a
Automated tools combined with scanning programs will reduce efforts.
Distribution and customization will be more easy potential cyberattack. 38% are at
least “concerned”
Phishing attacks will remain the major entry door
Development and adoption of top technologies like 5G, artificial intelligence,
automation, edge computing or the shift to clouds will add new attack surfaces
Cyber insurance – still infant or grown-up?2 What does this mean for
insurance?Cyber insurance market with strong expected growth
10,8 5,0
5,3 1,1
3,7 0,6
Europe
North America
20,2
0,1 0,4
0,1
7,3 Middle East
0,0 0,0 0,2
4,7
0,2 0,8 Africa 3,0
0,1
World in bn USD Latin America 0,3
0,6
Asia/Oceania
2018 2020 2025
1 Estimates by Munich Re 13 March 2021 12For Europe a CAGR of 37% is expected
5.0
3.8
2.9
2.2
1.6
1.1
0.6 0.8
2018 2019 2020 2021 2022 2023 2024 2025
UK Germany France Italy Rest of Europe
Source: Munich Re Economic Research/CU 13 March 2021 133 What keeps a Chief Underwriter
awake at night?Cyber (re-)insurance outlook
(Contingent) Loss of
Loss or Privacy breach Cyber Property Business Product Reputational intellectual
theft of data protection extortion damage interruption liability damage property
Data is Consumer (Threat of or) First or third- Business Third-party Loss of profit Loss of profit
destroyed or data is stolen loss or party property interruption or property resulting from as a
stolen; or lost, or destruction of damage as a contingent damage or reputational consequence
covered in non- own or consequence business bodily injury damage as a of stolen trade
private, compliance customer data of a cyber interruption caused by consequence secrets, or
commercial with privacy event resulting from software of a cyber other
and industrial legislation by a cyber event failure within event commercially
lines a company a product sensitive
of business information
Increasing exposure
and complexity of coverages
13 March 2021 15New trends in Cyber wordings
Infrastructure failure exclusion/limited to
BI (not applicable to data restauration)
Blanket Contingent BI for supply chain
Open peril system failure/any unplanned
outage/“Act of God trigger”
“Bricking”
“Voluntary shutdown” covered in BI section
BI Indemnity period (180 days or more?)
13 March 2021 16Ransomware is getting a problem
Cyber insurance – still infant or grown-up? 13 March, 2021 17Major Cyber Accumulation scenarios1
Data breach
External networks failure3
Virus/Malware
IT Service provider outage2
Global outbreak of Multiple insureds are Large-scale outage Electrical
widespread, affected by a large- of services such as power supply
untargeted self- scale data Cloud causing Telecommunication
reproducing malware breach attack widespread & Internet
business impacts
Infrastructure
Software Failure
1 MR has investigated other scenarios (e.g., corrupted software) as well, which turned out to be lower in terms of PML magnitude 2 Scenario/model under development
3 This scenario is are deemed not within appetite and are only written by exception, if specific permission (“dispensation”) is granted by the highest underwriting authority 13 March 2021 18On December 13, 2020 CISA determined that this exploitation of SolarWinds products poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action. Multiple versions of SolarWinds Orion are currently being exploited by malicious actors. This tactic permits an attacker to gain access to network traffic management systems. Disconnecting affected devices, as described in Required Action 2 of the ED, is the only known mitigation measure currently available.
4 Why are actuaries concerned with
this?Topics where we need actuaries
Pricing
Exposure Analysis
Risk Quantification
Accumulation Risk Modelling
Data analytics and Artificial Intelligence
Cyber insurance – still infant or grown-up?Cyber Insurance – What Is It?
or
Cyber insurance – still infant or grown-up? 13 March, 2021 22Editing footer: Insert > Header & Footer (title of presentation and name of speaker) 13 March, 2021 23
Q&A
Image: cosmin4000-GettyImages
Cyber is a challenge…
…but also an opportunity!You can also read
