The Colonial Pipeline's ransomware attack that temporarily weakened the largest fuel line in the United States and led to a gasoline run by panicked consumers will further strengthen a tightening insurance market, experts say.
The crisis will intensify ongoing trends.
It will also encourage insurers to require policyholders to adopt basic cybersecurity measures before agreeing to provide coverage and will increase the demand for coverage, especially among sectors that have been slow to adopt, they say.
President Biden issued an executive order last week demanding improved security measures and data collection for companies doing business with the federal government.
Some experts point to the counterattack attempted earlier this year by an unknown hacker to put lye in a small Florida town water treatment plant as an example of the nonf financial effects ransomware attacks can have.
However, the Colonial Pipeline event may be the first in the United States to affect a wide range of the public, observers say.
"The attack only seems to be getting worse, and the insurance community has already responded," with insurance coverage and sublimit, "said John Farley, New York-based CEO of Arthur J. Gallagher & Co.'s Cyber Liability Practice.
"Underwriters will continue to raise their expectations of insureds in terms of cybersecurity system policies and procedures and raise the level needed to qualify for cyber insurance," said Jeffrey M. Dennis, Head of Privacy and Security at Newmeyer & Dillion in Newport. Beach, California.
There has been a major shift among insurers for some time toward imposing an obligation on companies to have basic security measures, such as multifactor authentication, before they become eligible for cyber insurance, says Megan North, Seattle-based vice president and broker at Amwins Group. Inc.
The Colonial Pipeline incident "validated the insurance control we currently see," said Anthony Dagostino, New York-based executive vice president, global cyber and technology practice, at Lockton Cos. Inc.
He added that the energy sector is lagging behind other sectors such as retail, banking, healthcare and manufacturing as it has turned to cyber insurance. "I think this will change that," he said.
Sectors that were among the first to adopt cyber insurance had privacy issues, but many other sectors had already begun to evaluate coverage and this event will lead to increased purchases. , says Matt McCabe, New York-based senior vice president of Marsh LLC's cyber practice.
The event is an alarm clock for many domestic and global companies working with older and obsolete systems, wife. Sade North. The latter refers to when the developer has stopped creating software updates and patches.
Earlier this month, Axa France, Axa Group's French general insurance entity, said it will no longer reimburse ransomware payments when it takes out new insurance policies and says it is awaiting legislation. the authorities' position on the issue. Experts say they do not expect others to follow Axa's leadership.
The Colonial Pipeline incident may also affect other types of coverage, such as certain conditional business coverage that would apply in the event of supply chain disruptions, says Marcus A. Christian. , a partner in the Mayer Brown LLP's cyber security and data privacy practices in Washington.
State and local governments recognize the need for some form of government response, such as the federal backstop for terrorist insurance losses or a pooled risk strategy, said Jeff Schermerhorn, Los Angeles-based regional leader, FINEX, cyber and error and omissions, at Willis Towers Watson PLC.