The cyber insurance market faces growing pains, as computer systems are becoming increasingly embedded in all aspects of business and crime, says cybersecurity expert Josephine Wolff. Insurers lack a clear definition of cybercrime and are working in an unregulated industry without adequate support from policymakers, she explains. Wolff guides readers through the complex challenges emerging cyber threats present while making suggestions to policymakers and insurers regarding how to mitigate the impacts of mass-scale cyberattacks better.
Cyber risks pose new, complex challenges to insurers, leaving companies vulnerable.
NotPetya, one of the world’s most destructive pieces of malware, took down computer systems at major US corporations in 2017, including consumer goods manufacturer Reckitt Benckiser and Deerfield, Illinois-based snack company Mondelez International. NotPetya took control of 10% of computers in Ukraine, leading to suspicions of Russian military involvement. The insurer Zurich refused to pay out Mondelez’s claim, arguing that it wasn’t responsible for damage or losses caused by “hostile or warlike action in time of peace or war.” The logic behind Zurich’s exclusion wasn’t clear-cut: Was a cyberattack on the US manufacturer of Oreo cookies and Ritz Crackers an act of war? The case remains undecided today, as Zurich pursued settlement negotiations outside of court, drawing attention to the complexities and ambiguity in the cyber insurance industry.
Cybersecurity risks differ from other forms of risk in a critical way: Insurers rarely find themselves having to pay out multiple claims simultaneously, yet cybersecurity...
Comment on this summary or Start Discussion