Lloyd’s Insurer Says Cyber Risks Are Too Big to Cover

The head of the largest Lloyd’s of London insurers has called for governments to cover the risks of cyber attacks, saying the potential liabilities are too large for insurers to cover.

Stephen Catlin, founder of Catlin Group, said cyber security presented the “biggest, most systemic risk” he had encountered in his 42-year career in insurance, in part because a vulnerability in widely-used software or internet architecture can affect systems globally, putting the industry on the hook for simultaneous, multibillion-dollar payouts.

“Our balance sheets are not large enough to pay for that,” Catlin told the Insurance Insider London conference recently, according to The Financial Times.

In the latest cyber attack against a major US firm, health insurer Anthem reported earlier this week that hackers stole the account information of as many as 80 million customers. Other recent corporate victims include Sony Pictures, JPMorgan Chase, and Target.

Such electronic incursions present an opportunity for the insurance industry to sell more coverage. Policies are designed to help companies meet costs including mounting forensic investigations and defending lawsuits.

But Catlin stressed that cyber attacks are unusually systemic, rather than, for example, a natural disaster that affects only one specific region. “It’s possible that you can have the same loss happening around the globe,” he explained.

Governments have already established state-backed schemes to provide coverage for acts of terrorism, such as Pool Re in the United Kingdom and the Terrorism Risk Insurance program in the US, because the insurance market was unwilling to do so. But Catlin said cyber security posed an even bigger threat than terrorism.

“He’s got a valid point,” Andrew Horton, chief executive of Beazley, a rival Lloyd’s insurer, told the FT. “We’re very mindful of the potential aggregation impact. It’s something governments should be putting a lot of thought into.”

Rob Lay, a security expert at Fujitsu, said businesses should not rely on insurance to protect themselves from a cyber attack. “While insurance may help mitigate some of the financial impact of a security incident or breach, the reputational impact and the impact to the business operation cannot be mitigated with insurance in the same way,” he said in a news release.

Risk Management: http://bit.ly/1O8ZWXH

« Business Is Struggling To Combat Hacking
Israel’s Electrical Grid Cyber Attacked »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Security Audit Systems

Security Audit Systems

Security Audit Systems is a website security specialist providing website security audits and managed web security services.

Quorum Cyber

Quorum Cyber

Quorum Cyber offer end-to-end cyber security solutions, specialising in Managed Security Services, Consulting and Resourcing.

CYQUEO

CYQUEO

CYQUEO is your professional partner and system integrator. We secure your organization against advanced cyber threats.

BELAC

BELAC

BELAC is the national accreditation body for Belgium.

Deepnet Security

Deepnet Security

Deepnet Security is a leading security software developer and hardware provider in Multi-Factor Authentication (MFA), Single Sign-On (SSO) and Identity & Access Management (IAM).

DeFY Security

DeFY Security

DeFY Security is a Cyber Security solutions provider with more than 20 years of experience securing financial institutions, healthcare, manufacturing and retail.

Neptune Cyber

Neptune Cyber

Neptune is a cyber security company that works exclusively in the marine sector. Our team combines experts in shipbuilding, maintenance and operations and cyber security testing and design.

BreachLock

BreachLock

Breachlock delivers the most comprehensive Penetration Testing as a Service (PtaaS) powered by Certified Hackers and AI.

European Cyber Competence Network

European Cyber Competence Network

The purpose of the European Cyber Competence Network is to retain and develop the cybersecurity technological and industrial capacities of the EU necessary to secure its Digital Single Market.

Trilateral Research

Trilateral Research

Trilateral Research provide regulatory and policy advice; develop new data-driven technologies and contribute to the latest standards in safeguarding privacy, ethics and human rights.

General Informatics

General Informatics

General Informatics is a team of technology enthusiasts with one mission: to make our clients even more successful through the best use of technology.

Sotero

Sotero

Sotero is the first cloud-native, zero trust data security platform that consolidates your entire security stack into one easy-to-manage environment.

ACL Digital

ACL Digital

ACL Digital, an ALTEN Group company, is a leader in design-led digital experience, innovation, enterprise modernization, and product engineering services converging to Technology, Media & Telecom.

B2Bcert

B2Bcert

B2BCERT one of the top companies offering ISO 9001, ISO 14001, ISO 45001, ISO 22000, ISO 27001, ISO 20000,CE Marking, HACCP, and other globally accepted standards and Management solutions.

SPIE Switzerland

SPIE Switzerland

SPIE Switzerland AG, a subsidiary of the SPIE Group, is a Swiss full-service provider of ICT, multi-technical and integral facility services.

CQR

CQR

CQR are at the forefront of innovative cyber solutions, dedicated to securing and fortifying Operational technology (OT) infrastructure.