Today, Z/Yen Group Limited publishes a new Long Finance report titled "Promoting UK Cyber Prosperity: Public-Private Cyber-Catastrophe Reinsurance". In the face of rapidly growing cyber-risk, the tools of insurance, i.e. risk management and shared learning, need to be rapidly grown and deployed. If society wishes to bring insurance to bear on helping to manage cyber-risk, then cyber-catastrophe reinsurance needs to be available for property damage, business interruption, and third-party liabilities in order to remove blockages to rapid take-up of cyber insurance by businesses.
The report analyses the nature and evidence of cyber-risks, with a focus on cyber-catastrophe events. The report explores how a public-private cyber-catastrophe reinsurance scheme could help secure ICT-based prosperity in the UK by helping insurers insure themselves to insure others. The scheme would provide cover to a group of insurers above a catastrophic loss threshold, in effect a pool funded by the insurance industry. The UK government's role would be one of promotion and (possibly) a last resort insurer only in the event that industry retentions and the scheme's reserves have been exhausted. In all likelihood, the UK government would be a last resort insurer anyway, but in this way it would benefit from a buffer much deeper than the one it enjoys today.
- the scheme should provide more standardised wordings linking cyber-catastrophe to the policies members write, and more standardised data collection for analytical purposes;
- the scheme should promote the use and evolution through learning of ICT security and risk management standards such as Cyber Essentials, ISO 27000, NIST, or CESG's 10 Steps;
- insurance regulators should strongly encourage membership by insurers providing cyber cover;
- members should jointly seek reinsurance for a cyber-catastrophe, including consideration of cyber-catastrophe linked securities;
- government should facilitate, but not underwrite, the scheme's reinsurance - government oversight could help the issuance of cyber-catastrophe linked bonds;
- government and regulators should strongly encourage cyber insurance for essential services and critical national infrastructure including financial services, and incorporate cyber insurance in government procurement processes, e.g. requirement to purchase if unable to show appropriate management or retentions.
Richard Pharro, CEO at APM Group, said: "We are now dependent on electronic networks which define our economy, infrastructure and day-to-day lives. The issue of cybersecurity is fast moving towards a high stakes game for everyone, so it is entirely appropriate that we take robust steps towards putting the UK on a secure cyber footing. It is with everyone's prosperity and safety in mind that a public-private reinsurance scheme be considered to add certainty to UK plc cyber resilience. Whilst providing support for our economy against future threats, an initiative such as this would raise general awareness about cyber security in the Board room."
Commissioner Adrian Leppard, the UK national policing lead for Fraud and Cyber, said: "Cyber insurance has a vital role to play in helping to keep society safe from the growing threat we are facing. Traditional enforcement methods have limited impact in this area and better standards for information security endorsed through comprehensive insurance models are an important means of creating a safer world for our communities."
Professor Michael Mainelli, Executive Chairman of Z/Yen and a co-author, said: "Historically, insurance has taught society how to handle risks from fire to workplace safety, road accidents, and life itself. To increase the rate of learning about cyber risk, society needs to increase the rate of cyber cover. A public-private cyber reinsurance scheme should be measured on how rapidly it helps us learn how to deal with the cyber-threats to our economic prosperity."