A new whitepaper from Marsh McLennan (NYSE: MMC), the world’s leading professional services firm in the areas of risk, strategy and people, and Zurich Insurance Group (SWX: ZURN), a leading global multi-line insurer and provider of resilience services, highlights the critical need for greater public sector involvement to strengthen societal resilience in the event a catastrophic cyber event occurs.
The whitepaper, Closing the cyber risk protection gap, emphasises the urgent need for innovative solutions to close the gap between risk and insurance – particularly for small and medium-size businesses that are often uninsured or underinsured – as rapidly-evolving cyber threats are outpacing the capacity of traditional insurance and risk management solutions to fully mitigate them. It highlights mass malware and mass cloud outage as examples of cyber incidents that are currently considered insurable up to a certain level of financial loss, and events such as critical infrastructure failure, which are generally considered uninsurable.
John Doyle, President & Chief Executive Officer, Marsh McLennan, said: “The severe threat presented by cyber risks requires collective action to bridge the protection gap. The insurance industry and the public sector must fully understand the spectrum of insurable and currently non-insurable cyber events. Through greater collaboration, we can develop innovative solutions, inform insurance buyers, enhance the cyber insurance market, and establish robust public-private partnerships that safeguard our society and economy from potentially catastrophic cyber events.”
Mario Greco, Group Chief Executive Officer, Zurich Insurance Group, said: “The threat of cyberattacks poses a significant risk to both societal and economic stability. As insurers, we can offer some degree of protection, but we must acknowledge that large-scale, catastrophic cyber events present substantial accumulation risks that cannot be borne by the private sector alone. Therefore, enhancing cyber resilience is vital to addressing this protection gap. Achieving this requires strong public-private partnerships to develop comprehensive strategies that secure our digital future.”
According to the whitepaper, establishing a common framework for data sharing, greater and more meaningful collaboration, and innovation between the insurance industry and public sector is required to help tackle this protection gap, strengthen resilience, and safeguard societies and economies from the escalating cyber threat landscape. This not only includes ransomware attacks and threats from bad actors, but global IT outages and other increasingly interconnected incidents.
The framework would include robust incentives as an alternative to further regulation, methods to measure quantifiable catastrophic cyber risk, and strategies to manage unquantifiable cyber risk through public-private partnerships. The whitepaper asserts that these measures could help sustain the broader economy and create capacity for the insurance market to support society against the backdrop of severe financial accumulation risks.