Find an article
Connect with us

Register For Latest Posts and Risk Lounge Weekly

The Catastrophic Cyber Risk and Impact on Aggregate Exposures
Monday 19 October 2015
Author: Russell Group
Tags: Cyber Risks, Aggregate Exposures, Hacking; Reputational Risk, Enterprise Risk, Connected Risks

Mechanical engineering designers are becoming software engineers with certain manufacturers - GE, Airbus, and Danaher, for example, establishing bureaus in software-engineering centres such as Silicon Valley. 

Recent cyber hacks that have inflicted significant operational and reputational damage on targets such as, Target and Sony are concentrating insurance minds on the security risks in this connected world.

As a recent Harvard report How Smart, Connected Products Are Transforming Companies notes: “With the advent of smart, connected devices, the game changes dramatically. The job of ensuring IT security now cuts across all functions.”

All functions and from an underwriting point of view, potentially all Specialty insurance classes need to be re-assessed for vulnerabilities. Planes can be hacked as can oil tankers or offshore rigs. Financial institutions or entertainment companies can see their data compromised and shared beyond their customer base because every smart, connected device may be a point of network access, a target of hackers, or a launch pad for cyberattacks. 

According to Harvard:

“The risk posed by hackers penetrating aircraft, automobiles, medical equipment, generators, and other connected products could be far greater than the risks from a breach of a business e-mail server.”

All companies large and small need to carefully asses their security and how it affects multiple functions with IT continuing to play a key role in implementing best practices for data and network security. That is all very well but it still does not address a key concern for (re)insurers, which is the supply chain risk and the wider aggregate exposure. 

An organisation or individual can protect their own interests to a certain extent but their ability to conduct a security audit on all their suppliers and partners is a different matter entirely.

As Russell Group noted recently, none of the major commercial risk model vendors has a model for inter-connected risks such as political, cyber or supply chain at present, which is surprising when you consider, for example, that monitoring the aggregation of cyber exposures represents probably the biggest challenge for the market today.

This is a theme that Russell Group has been exploring with increasing regularity in conversations with specialty (re)insurers in the last 18 months. Enterprise connected risk solutions can help address the absence of a workable standardised cyber risk model.