Last month's record summarized key facts from the newly emerging risk report published by Lloyd's of London and the risk modeling company Cyence, which highlights several key conclusions on cyber risk and the Internet insurance market more generally. In this post, we take a closer look at some of the more significant issues with cybersecurity discussed in the report, a full copy of which is here.
first The Difficulty of Days Challenges
All companies face great risk from attacks using "zero day" vulnerabilities. As Lloyd's report explains, zero-day vulnerabilities are "a particularly serious part of vulnerabilities unknown to a software vendor or information security society" where "zero" refers to how long the cyber security community has been aware of the vulnerability of pasting it. The zero day exploits, which often occurs and ̵
It is unlikely that days of vulnerability will subside at any time, so policyholders should evaluate whether their coverage is adequate in the event of a "mass vulnerability" attack, and be vigilant to proactively monitor and respond to future zero-day operations.
2. Significant coverage deficiencies associated with global cyber events
Lloyd's report also highlights a significant gap in various hypothetical scenarios, including with regard to coverage for quota interruptions ( CBI) at a cloud service attack.
As discussed in the report, cyber policy generally includes some form of disruption to business interruptions to respond when cyber events interfere with a company's digital business. However, cyber policy varies greatly with regard to whether there is coverage for the CBI (ie coverage for policyholders lost profits and additional costs caused by disruptions in a vendor or customer's business). Some cyber policies completely exclude the CBI while others are policies for CBI losses.
However, CBI losses are particularly important in the cyber context because a large-scale disruption caused by a cyber attack by a major cloud service provider or similar provider could have significant repercussions in many industries worldwide relying on uninterrupted service. Lloyd's report presents a strong picture in analyzing potential coverage for such risks, estimating a potential "gap" of $ 4 billion (for a large loss) and $ 45 billion (for extreme losses) following a significant disruption to the cloud service. Estimated in various ways, the report estimates that only 12% to 17% of expected losses are covered when taking into account large losses and extreme loss scenarios, compared to 30% for the world's ten most costly natural disasters. Policyholders should be aware of this important issue when assessing whether their cyber coverage is adequate.
3. Importance of risk modeling and current barriers on Cyber Market
Lloyd's report concludes that not enough policyholders supplement risk modeling. This means that policyholders lack adequate information about potential exposures, how to manage these risks and the extent of long-term exposure in connection with these risks. As policyholders do not have the information, insurers who are a current obstacle do not insure the market.
Policyholders should work with their critical staff, including accounts payable and IT staff, to predict common and worst cases of cybercrime scenarios, and test these scenarios against existing risk management protocols. Such information will not only improve cybersecurity, but will also help policyholders identify new or expanded covers that may be needed to handle exposures identified during testing. When insurance consumers are better educated about their needs, the insurance market is better at providing envelopes that really respond to corporate daily reality during cyber attack.