Key cyber insurance stakeholders urge government to help close $900B in uncovered risk

Summary: Marsh McLennan and Zurich Insurance Group are urging government intervention to address the significant risk of catastrophic cyber events and the $900 billion gap in insurance coverage for economic losses from cyberattacks. The cyber insurance market is projected to grow substantially, yet many small to medium-sized businesses remain underinsured or without coverage.

Threat Actor: Unknown | cyberattacks
Victim: Various businesses | small to medium-sized businesses

Key Point :

  • Marsh McLennan and Zurich Insurance Group highlight a $900 billion gap between insured and economic losses from cyberattacks.
  • The cyber insurance market is expected to exceed $28 billion in gross written premiums by 2027.
  • Many small to medium-sized businesses lack adequate insurance coverage against cyber risks.
  • The U.S. government is exploring ways to strengthen the cyber insurance market, particularly for catastrophic risks.
  • Recent incidents, like the CrowdStrike software outage, have underscored the financial impact of cyber events.

Dive Brief:

  • Marsh McLennan and Zurich Insurance Group on Thursday issued a call for government intervention to help resolve the growing risk of catastrophic cyber events and a multibillion dollar gap in terms of what the current insurance market can absorb. 
  • The cyber insurance market has seen significant growth in recent years, and is expected to exceed $28 billion in gross written premiums in 2027, more than double the amount written in 2023, according to a whitepaper released by the firms Thursday.  
  • However, the companies warn a risk protection gap of about $900 billion exists between insured losses and economic losses due to cyberattacks. Many small- to medium-sized businesses are either underinsured or carry no coverage to protect against such losses. 

Dive Insight:

The whitepaper comes against the backdrop of rising concerns about the risk of a catastrophic cyber event. The IT security industry is still recovering from a massive outage in July when a faulty CrowdStrike software update led to an outage involving 8.5 million Microsoft Windows devices. 

The costs from that incident was expected to reach $5.4 billion in direct losses for the Fortune 500. In addition, estimated insured losses were expected to reach $1 billion. 

But concerns about the impact of major cyber incidents date back to the NotPetya attacks in 2017. 

“The idea of catastrophic cyber risk and just the idea of systemic — or what I would like to call connected risks — has been on the minds of what I would say regulators, underwriters/capital providers, brokers and large multinational organizations for quite some time,” Greg Eskins, head of the Global Cyber Insurance Center at Marsh Specialty, said in an interview. 

The industry would like to see incentives to help industry build resilience and also additional work to address small and mid-sized businesses that lack coverage. 

Marsh McLennan wrote to the U.S. Treasury Department’s Federal Insurance Office in 2022 urging the government to closely examine catastrophic insurance risk as an issue. 

The industry and governments worldwide have been closely monitoring how cyberattacks and breaches have impacted major industries and national economies. Earlier this year, the U.S. Treasury’s Federal Insurance Office announced a partnership with the National Science Foundation to study the growing risks of terrorism and catastrophic cyber events on the international insurance market. 

A Treasury Department spokesperson told Cybersecurity Dive the FIO office has been working closely with the National Cyber Director and the Cybersecurity and Infrastructure Security Agency to address catastrophic cyber risk. 

“As part of that work, we are engaging with a wide range of external stakeholders, but we can’t comment further at this time,” the spokesperson said via email.

The White House confirmed it is exploring plans to address the issue, which is referenced in the national cybersecurity strategy.

“In line with the president’s National Cybersecurity Strategy, we are looking at ways we can strengthen the cyber insurance market, starting with catastrophic risk,” a spokesperson for the Office of the National Cyber Director said via email.

“Working with our partners at the Department of the Treasury’s Federal Insurance Office and CISA, we are developing a policy proposal to address how the government can support our communities through insurance in the event of a catastrophic cyber incident.”

Source: https://www.cybersecuritydive.com/news/cyber-insurance-government-900b/726305