The potential for a state-backed cyberattack to have a “catastrophic” impact on society requires a new approach to cyber insurance, reinsurance giant Swiss Re has said.
The digitalization of critical infrastructure has created a situation in which a large scale cyberattack could have a “devastating” effect on society in having the potential to interrupt the provision of clean water, energy, or internet services for an extended period, the report warns.
Swiss Re noted such a large-scale cyberattack, launched by either state-backed or private actors, would in turn lead to systemic losses for the insurance sector, due to the impacts on the “broader economy and society at large”.
It warns these losses could “overwhelm” insurers, as it argues the insurance sector itself must take a new approach to cyber risk in order to prevent systemic losses.
The report calls for industry-wide efforts to standardize data on cyberattacks, with a view to enabling better analysis and allowing for more accurate modelling and pricing.
It also calls for a standardization of language in cyber insurance policies, with a view to greater consistency across exclusion, terms and conditions.
Swiss Re’s report comes after Lloyd’s of London in August told insurers to stop providing coverage for state-backed cyber attacks in their standard insurance policies.
In 2015, Lloyd’s estimated a large-scale cyber attack on the US power grid could result in $1bn (£873bn) worth of damage leading to insured losses of $71bn.
Swiss Re’s report notes that ransomware-for-hire services have lowered barriers to entry for cybercriminals, as the report warns increasingly sophisticated methods are now being used to launch attacks.
It notes that a recent surge in ransomware attacks since 2020 has already driven up cyber insurance premiums, while also caused the profitability of the the cyber insurance sector to drop.