Major cyber attacks are almost becoming the flavor of the month. Sony, JP Morgan, the Home Depot, the U.S. Postal Service, the Target Corporation — the list goes on and on.
If there is anything more challenging than preventing cyber attacks, it is figuring out how to cover the growing risk.
As I cover in my recently released Contingencies article, “Plugging Data Security Breaches,” underwriting is especially difficult. Since the cyber insurance market is growing exponentially, carriers are eager to snap up market share. Meanwhile, their actuaries are concerned about carrying greater liability and pricing.
When it comes to pricing, like any emerging type of insurance, lack of historical data is a big actuarial challenge. Without historical data, actuaries cannot drive using the rear view mirror. Unfortunately, at some point, it seems there will be enough cyber breaches to address that challenge.
At the same time, actuaries will need to use future-forward data and assumptions to prepare for the unimaginable. As I cover in an Actuarial Review article, these challenges are similar for actuaries dealing with terrorism coverage. Because cyber risks and attacks are becoming more serious and hard to anticipate, I predict that the federal government will eventually offer a backstop for cyber insurance just like for terrorism coverage. Technological innovations, as outlined in a previous Contingencies article, will help actuaries rise to these challenges.
Without historical data, actuaries cannot drive using the rear view mirror.
The good news is that insurers are getting smarter on how they offer cyber coverage and pricing. To even procure cyber coverage, customers must demonstrate meaningful and defined risk management strategies. I predict that insurers will require even more risk management as best practices continue to emerge.
Cyber Terrorism Threat Continues to Emerge
As for predicting the unimaginable, cyber attacks are also rising to the level of acts of terrorism. A year ago when the Target breach was making headlines, companies were concerned about facing the liabilities for cyber attacks that usually went after the personal and financial information of their companies and customers.
The recent cyber attack on Sony however, is a different animal when hackers threaten violence at movie theaters that show a particular film. This is especially true if the CIA is right and the attack came from the North Korean government. Even if the current theory, that former Sony employees were behind the attack, is correct, this new way of threatening businesses and individuals is likely to be another factor actuaries will need to consider when pricing coverage.
The truth is, nobody knows what is next. While my new article also talks about a Cybergeddon that could cripple the U.S. economy or even worldwide, there is also grave concern that attackers will destroy utility computer systems, which has repercussions too terrible to imagine.
If the past is the best predictor of the future, I have full faith that actuaries will work through their challenges. After all, they are not just number crunchers, but creative thinkers who can use technology to its best advantage.