Time For A Cybersecurity Agency Of Insurance?

A thought leadership piece published a couple of days ago by the self-styled “digitally native news outlet” Quartz (check it out on twitter @qz) got me thinking. The article (or blog if you prefer) reported that cyber-attacks now cost an estimated $400 billion in damages per year.

That’s a pretty eye watering sum by any estimation but what is truly scary is that the author cites comments taken from the latest Davos event, which indicate that this number may “soar”. What are we talking here? $500 billion, maybe a $1 trillion plus in damages in the next couple of years?

Let’s put that $400 billion sum into context. Allianz Global Corporate and Specialty recently posted its Global Claims Review 2014, which reported that in 2013, using industry-wide data, the 20 largest losses reported across the insurance industry totalled approximately €5.9 billion ($8.1 billion), excluding those caused by natural catastrophes.

Those 20 largest losses included plane crashes, ship grounding, fires, and incidents from the oil and gas industry. Even so, it shows that losses arising from physical man-made and natural perils are dwarfed by the behemoth that is the cyber peril - or as the Estonian President Toomas Hendrik Ilves – described it – the “little green men-ization of cyberspace.”

As phrases go, it doesn’t exactly trip off the tongue but we know what he means!

I don’t propose in this short blog posting to get into talk of cyber risk mitigation strategies and the latest security best practice but consider this. As cyber damages soar – possibly beyond the $1 trillion per annum mark in the not so distant future? – it does make one wonder if the insurance sector is sufficiently capitalized to contain potential future cyber hits to its collective balance sheet.

Not only that but at Fifth Step, we posted a blog recently which posed the question, is the insurance making itself a target for hackers? When cyber liability insurance emerged as a new product more than a decade now it seemed like a great idea to show off the sector’s ability to evolve with changing times. It was also of course a great new source of revenue but did we really understand just what we were taking on. I don’t think so.

Insurance companies, large and small, are increasingly victims of cyber-attacks.

Governments have asked the insurance industry to step up to the plate and be at the forefront of the fight against hackers – who, as the Quartz article states, appear to be a toxic convergence of organized crime, terrorist networks, and state actors - but in doing we have painted a bulls eye on the sector’s forehead!

The potential problem has become so big that the insurance sector needs to marshal its resources and to protect itself – not just its clients - against the hacking threat,

Last week, the Prime Minister of Singapore Lee Hsien Loong’s office announced the creation of the Cyber Security Agency of Singapore, which “will provide dedicated and centralised oversight of national cyber security functions.”

As Quartz notes: “Given the sinister ways in which cyber threats are evolving, the move is a necessary step for a wired, wealthy nation that has long been the target of cyber-crime.”

Is it now time for our sector to set up its own Cyber Security Agency of Insurance?