Tag Archives: NotPetya

Quantify Your Silent Cyber Exposure With These Three Steps

In 2017, WannaCry infected computers in over 150 countries across the globe, taking out critical functions such as the National Health Service (NHS) in the U.K. One year later, the NotPetya cyberattack brought many household names to a standstill. The pharmaceutical giant, Merck, was reportedly the source of US$1.3 billion of total impact to (re)insurers from the NotPetya attack, 87 percent of which was considered silent exposure. These two major cyberattacks highlighted to insurance carriers the risk of being exposed to silent cyber events and the need to start quantifying and managing that risk.

Regulators have started to take notice. Since summer 2017, the U.K. Prudential Regulatory Authority (PRA) is asking insurance firms to provide action plans on how they plan to address their silent cyber risk. In November 2018, Moody’s announced it will soon start evaluating organizations on their risk to a major impact from a cyberattack. Following this, in July 2019, Lloyd’s announced a deadline of January 1, 2020 for all syndicates to start to address their silent cyber risk where “… all policies provide clarity regarding cyber coverage by either excluding or providing affirmative coverage.”

NotPetya and WannaCry were just two examples of costly silent cyber events. As pressure from regulators mounts and cyberattacks become more common, it is imperative to understand where silent cyber exposure can be found, and how much it could cost you.

Continue reading

Cyber and the War Exclusion

In 1915, Cuthbert Heath – pioneer of catastrophe insurance at Lloyds of London, decided to offer insurance policies to cover the impacts of war, far from the front line. Zeppelin airships were arriving over London during World War One, dropping bombs and incendiary devices. Later in the War, the bombs were being thrown out of Gotha biplanes.

Heath did some simple calculations: the number of Zeppelins, the frequency of attacks, the number of bombs each airship could carry, the damage area of an explosion, and how much of London was built up compared to open spaces. Having generated a risk cost estimate, he then multiplied it by six to arrive at his proposed rate for the insurance coverage. As the intensity of air attacks went up and down so his insurance prices followed.

Continue reading