Losses caused by cyber wars – and widespread outages of electricity and telecommunications – are essentially uninsurable, Munich Re experts suggest.
“Historically, in property insurance, damages caused by war have been seen as uninsurable,” said Tim Zeilman, vice president and global product owner-cyber, Hartford Steam Boiler, during an A.M. Best Company Inc. webinar. “I think the same is true for cyber.”
During the webinar, What Insurers Need to Know About Next-Gen Cyber Threats, an audience member asked whether cyber risks will stay insurable or whether the industry will need to think about pooling cyber risk among insurers, reinsurers and government.
For the most part, cyber risks – other than some very specific pockets – appear to be insurable, said Zeilman.
Munich Re would deem a risk as insurable if it is measurable – if you are able to quantify what your exposure is, said Annamaria Landaverde, senior vice president and cyber team lead for Munich Re U.S.
Munich Re generally considers the following three categories of events as insurable:
a widespread malware event;
a cloud outage;
a widespread data breach.
This is because the reinsurer could quantify its maximum probable loss, said Landaverde.
On the other hand, she said, the following three categories of widespread critical infrastructure outages are generally uninsurable:
the Internet; and
the electrical grid.
“That type of exposure is so widespread, that at a minimum, the exposure would be an accumulation event.”
Munich Re would deem them uninsurable because – at least under a cyber policy – the reinsurer could not quantify the maximum probable loss, she suggested.
Then there is the category of war losses.
“I think it is just a question of adequately defining what war means from a cyber perspective. War has changed. Thinking about old-fashioned kinetic war may not make sense for cyber,” said Zeilman.
“The industry right now is using kind of a hodgepodge of old property-oriented war clauses modified to try to suit cyber better.”
He suggested that with a number of industry-wide initiatives, insurers aim to draft wording on exactly what a cyber war event would look like.