Page 21 - Turkinsurance Digital Magazine
P. 21
21
The Definition of Catastrophic Risk Is • A reduction in coverage limits An attack on an energy grid can affect not
Expanding • An increase in deductibles only the company concerned but also millions
In insurance terminology, catastrophic risks • An expansion of excluded scenarios (e.g., of people. Similarly, an attack on logistics
are defined as low-frequency but high-sever- war-related cyberattacks) software can bring the global supply chain to
ity events that affect large geographic areas • The integration of risk engineering and pre- a halt.
and a significant number of insured parties ventive services into policies At this point, cyber risk moves beyond being
simultaneously. Traditionally, this definition Insurance companies are no longer offering merely an “IT problem” and becomes a mac-
has aligned with natural disasters. However, only risk transfer; they are also positioning roeconomic risk.
large-scale cyberattacks in recent years are themselves as cyber security advisors.
prompting a reconsideration of this frame- The Insurance Industry’s Response:
work. A New Debate: “Cyber War” Coverage Product, Model, and Ways of Working
As cyber risk reaches catastrophic dimen- Are Transforming
For example, the WannaCry ransomware at- sions, one of the most critical debates is cen- The insurance sector is positioning itself
tack and the NotPetya cyberattack in 2017 tered around the concept of “cyber war.” against cyber risk along three main axes:
affected not only individual companies but Attacks believed to be state-sponsored are
also critical infrastructures ranging from generally treated under war exclusions in in- 1. Product innovation
healthcare systems to logistics networks. The surance policies. Moving beyond traditional cyber policies,
damage was not limited to data loss; produc- coverage is being expanded to include busi-
tion halted, supply chains were disrupted, and However, in the digital world, it is often not ness interruption, reputational damage, and
economic losses amounting to billions of dol- possible to definitively determine the per- data breaches.
lars occurred. petrator of an attack. This leads to serious
disputes at the time of a claim. To reduce 2. Risk engineering
Such events clearly demonstrate that cyber this uncertainty, the London-based insurance Insurance companies actively assess the secu-
risk creates “accumulation risk” in the clas- market Lloyd’s of London has made it man- rity level of insured parties and provide rec-
sical sense. In other words, a single incident datory to develop clearer clauses regarding ommendations for improvement.
can trigger thousands of policies simultane- cyber war exclusions.
ously. This makes it one of the most critical 3. Data and analytics investments
types of risk for insurance companies. This development shows that the sector now Artificial intelligence and big data analytics
treats cyber risk not merely as a “standard are beginning to play a critical role in cyber
The Nature of Cyber Risk: loss,” but also as a geopolitical risk. risk modeling.
Unquantifiable Uncertainty At the same time, the sector is still in a learn-
One of the most problematic aspects of cy- Global Landscape: A Hardening Market, ing phase. Many experts remain cautious
ber risk from an insurance perspective is its Increasing Discipline about whether cyber risk is fully insurable.
inherently dynamic and unpredictable na- In developed markets, particularly in the
ture. While earthquake risk can be modeled United States and Europe, cyber insurance A New Paradigm?
through fault lines and flood risk through has experienced rapid growth over the past Although defining cyber risk as a “new nat-
meteorological data, cyber threats consist of five years. However, this growth has also been ural disaster” is metaphorical, the underly-
constantly evolving, actor-driven, and often tested by significant waves of claims. ing reality is quite tangible: insurance is no
intentional attacks. longer limited to the physical world. Events
The sharp increase in ransomware attacks, in occurring in the digital realm can be just as
Three key challenges stand out here: particular, has disrupted the loss-to-premium destructive and far-reaching.
• Lack of data: Historical data on cyber inci- balance for insurers. As a result: However, there is a critical difference. Nat-
dents is limited and often not shared. ural disasters are unavoidable, whereas cy-
• Modeling difficulty: Events are not inde- • Premiums have increased significantly ber risk is, to some extent, manageable. This
pendent; a single software vulnerability can • Underwriting processes have become more pushes the insurance sector beyond its tradi-
affect the entire world. stringent tional role. The issue is no longer only to com-
• Systemic risk: A domino effect can occur • It has become mandatory for companies to pensate for losses, but to prevent them from
through cloud service providers or critical meet minimum cybersecurity standards occurring in the first place.
software. Today, many insurers do not provide coverage
A cyberattack targeting major technology to companies that lack multi-factor authenti- Catastrophic or Systemic?
providers, in particular, can create a global cation (MFA), backup protocols, and an inci- At this point, cyber risk is challenging—and
“digital earthquake” effect. For this reason, dent response plan. even exceeding—the classical definition of
some reinsurers now classify cyber risks un- catastrophic risk. This is because its impact is
der the category of “man-made catastrophe.” On the reinsurance side, capacity has also be- not only large but also systemic. It can simul-
come more selective. Major reinsurers are fo- taneously affect a wide range of areas, from
Implications for the Insurance Sector: A cusing on limiting cyber risks at the portfolio the financial system to public services.
New Balance Sheet Risk level and tightening aggregation controls.
Cyber risk poses a twofold threat for insur- Therefore, perhaps the real question is this: Is
ance companies: Scale Is Expanding: Critical Infrastruc- cyber risk a new “natural disaster” for insur-
1. Underwriting risk: The inability to accu- tures and Supply Chains ance, or an entirely new risk category?
rately price the risks covered under policies One of the most important factors increasing
2. Accumulation risk: A single event trigger- the catastrophic potential of cyber risk is the The answer is not yet clear. However, one
ing a large number of policies digitalization of critical infrastructures. Sec- thing is certain: the insurance sector is facing
This situation makes capacity management tors such as energy, healthcare, finance, and one of the most complex and fastest-evolv-
particularly challenging in cyber insurance transportation are now fully dependent on ing types of risk in its history. And this risk
products. The trends observed in the sector in technology. is powerful enough to redefine the boundaries
recent years include: of the industry in the future.
