Cyberattacks pose a major threat to critical infrastructure. In May 2021, Colonial Pipeline, the largest refined products pipeline in the U.S., was shut down after a cyberattack. And in November, a ransomware attack knocked critical systems offline for over a month in the island nation of Vanuatu. The country is still dealing with the effects of this incident. For the second year running, insurance companies have had to pay over $1 billion due to natural disasters, reinsurance company Swiss Re revealed earlier this month. Nonetheless, Greco says cyber risks are more likely to be uninsurable because it’s impossible to quantify the consequences of cyberattacks. “What if someone takes control of vital parts of our infrastructure, the consequences of that?” he asked. Greco is calling for a different approach to insuring “systemic cyber risks,” similar to what some countries and cities have in place for terrorism and natural disasters like earthquakes and tsunamis.
Private-Public Approach to Insuring Cyber Risks
According to Greco, the private sector can’t cover all the losses from cyberattacks. He urged governments to create private-public schemes to cover some of the losses from cyberattacks and other online threats. In November, Swiss Re published a paper on cyber insurance that said public-private risk-sharing mechanisms “can help mitigate overall exposures, improve risk understanding and help make society more resilient to attacks with devastating and potentially systematic consequences.” With the insurance sector having been tested like never before as a result of the pandemic and ongoing climate change, cyberattacks will only stress insurer’s resources further. Greco said the threat of cyberattacks extends beyond privacy risks. “This is about civilisation. These people can severely disrupt our lives,” he said.
Cyberattacks are a Top Risk to Global Security
According to the Allianz 2022 Risk Barometer study, cyber threats cause over 50 percent of all business interruptions and are the top risk to global security. Natural catastrophes are a distant second at 36 percent. So much has changed in the digital world since 2020, influenced primarily by global disruptions caused by the pandemic. Remote working opened up several unguarded entry points for threat actors. In 2021, Marsh McLennan, one of the world’s largest insurance providers, reported that nearly half of its insurance clients took on cyber insurance in 2020 due to fears of ransomware attacks. And it appears they were right to do so. There has been an uptick in cyberattacks. U.S. banks shelled out an estimated $1 billion in ransomware-related payments in 2021. In response to this threat, the U.S. passed legislation in March that requires public and private companies to report data breaches within 24 hours. Meanwhile, Allianz, the world’s largest insurance provider, predicts that ransomware will remain a top cyber risk in the coming year. However, state-sponsored APT attacks, evolving phishing techniques, and software vulnerabilities would shape the 2023 cybersecurity landscape. Are you interested in learning how to fortify your systems to avoid falling victim to ransomware? Check out our in-depth guide to ransomware.