Why it matters: Attacks on critical technologies and cyber infrastructure are increasingly becoming the most dangerous threat to civilization. At least, that’s what some front men of insurance companies think, who don’t seem to want to pay victims the huge sums of money needed to cover the costs of attacks.
The cost of cyberattacks will soon become so high that insurance companies will no longer be able to do business with the affected parties. According to Mario Greco, executive director of Zurich Insurance Group, cyber risks will soon replace pandemics, climate change and other natural disasters as systemic risks that are essentially “not insurable.”
For the second year in a row, 2022 ends with claims worth more than $100 billion in connection with natural disasters, but according to Greco, the real risk is cybersecurity. “What if someone takes control of vital parts of our infrastructure, the consequences of this?” Greco said in an interview with the Financial Times.
The CEO of the Swiss insurance giant — a company with 55,000 employees and customers in 215 countries — suggests that cyber attacks may go beyond a simple data leak. “We are talking about civilization,” Greco said, because black hackers, cybercriminals and state—sponsored tech spies can “seriously destroy our lives.”
The increased activity of the aforementioned cybercriminals and spies has already made important changes in the insurance business. Cyber losses are skyrocketing, so insurance companies are struggling to limit the amount of money provided to their customers. Insurance costs have increased, and policies have been “tweaked” so that customers get less by paying more.
Among the outstanding examples of the new regime is the food company Mondelez, which Zurich initially refused to pay $ 100 million after the NotPetya attack in 2019. The formal reason: the insurance policy excluded “military actions”. In September, Lloyd’s of London decided that insurance policies should provide an exception for state-backed attacks in order to limit systemic risks to the market.
According to Greco, the only way to ensure that insurance companies will continue to do business in the technology and private market is to create a kind of private—public system to better absorb and handle systemic risks.
According to Greco, these risks are not quantifiable, and they should be treated the same as earthquakes or terrorist attacks when it comes to insurance costs for private companies. In this regard, the Director General of Zurich praised the US government and how Washington is demanding an opinion on the potential response of federal insurance to cyber threats, such as the incident with the colonial pipeline.