The chief executive of one of Europe’s biggest insurers warns that cyber attacks, rather than natural catastrophes, will become uninsurable as the disruption from hacks continues to grow.

Cyber attack is a risk to watch, Zurich CEO Mario Greco told «The Financial Times» (behind paywall) Monday. «What will become uninsurable is going to be cyber,» Greco said. «What if someone takes control of vital parts of our infrastructure, the consequences of that?»

Insurance executives have raised concerns about this expanding risk as recent attacks have seen hospitals disrupted, pipelines shut and government departments targeted.

Emergency Measures

Losses from cyber attacks in recent years have also prompted emergency measures by underwriters to limit their exposure. Some insurers have responded by tweaking policies, in addition to pushing up prices, so clients retain more losses.

There are exemptions written into policies for certain types of attacks. A NotPetya malware attack on multinational food and beverage company Mondelez International in 2017 saw a $100 million claim rejected by Zurich, on the basis that the policy excluded a «warlike action». The two sides later settled, the «FT» writes.

«After Everything Has Gone Wrong»

In September 2022, Lloyd’s of London defended a move to limit systemic risk from cyber attacks by requesting that insurance policies written in the market have an exemption for state-backed attacks. A senior Lloyd’s executive said the move was «responsible» and preferable to waiting until «after everything has gone wrong».

Identifying those responsible for an attack is challenging, making such exemptions legally fraught, and cyber experts have warned that rising prices and bigger exceptions could put off people buying any protection.

Private-Public Schemes

There is a limit to how much the private sector can absorb in terms of underwriting all the losses coming from cyber attacks, Greco said. He called on governments to «set up private-public schemes to handle systemic cyber risks that can’t be quantified, similar to those that exist in some jurisdictions for earthquakes or terror attacks».