Report recommends Public-Private Reinsurance scheme to support UK prosperity
A new Long Finance report finds that a public/private cyber catastrophe reinsurance scheme would support UK cyber prosperity while adding clarity and certainty in the insurance market
This is the conclusion of the Z/Yen Group/Long Finance report titled "Promoting UK Cyber Prosperity: Public-Private Cyber-Catastrophe Reinsurance".
In the face of rapidly growing cyber risk, the tools of insurance, i.e. risk management and shared learning, need to be rapidly grown and deployed. If society wishes to bring insurance to bear on helping to manage cyber risk, then cyber-catastrophe reinsurance needs to be available for property damage, business interruption, and third party liabilities in order to remove blockages to rapid take up of cyber insurance by businesses.
The report analyses the nature and evidence of cyber risks, with a focus on cyber catastrophe events. The report explores how a public-private cyber catastrophe reinsurance scheme could help secure ICTbased prosperity in the UK by helping insurers insure themselves to insure others. The scheme would provide cover to a group of insurers above a catastrophic loss threshold, in effect a pool funded by the insurance industry.
The UK government's role would be one of promotion and (possibly) a last resort insurer only in the event that industry retentions and the scheme's reserves have been exhausted. In all likelihood, the UK government would be a last resort insurer anyway but in this way it would benefit from a buffer much deeper than the one it enjoys today.
- the scheme should provide more standardised wordings linking cyber catastrophe to the policies members write, and more standardised data collection for analytical purposes;
- the scheme should promote the use and evolution through learning of ICT security and risk management standards such as Cyber Essentials, ISO 27000, NIST, or CESG's 10 Steps;
- insurance regulators should strongly encourage membership by insurers providing cyber cover;
- members should jointly seek reinsurance for a cyber-catastrophe, including consideration of cyber-catastrophe linked securities; government should facilitate, but not underwrite, the scheme's reinsurance government oversight could help the issuance of cyber catastrophe linked bonds;
- government and regulators should strongly encourage cyber insurance for essential services and critical national infrastructure including financial services, and incorporate cyber insurance in government procurement processes, e.g. requirement to purchase if unable to show appropriate management or retentions.
This report is the outcome of a Long Finance research project carried out by Z/Yen Group between May and July 2015 and co-sponsored by APM Group (more information).
The research involved 80 interviews and two events with professionals working in insurance and reinsurance as well as government, academia and civil society.
At the launch held on 27th July at the City Centre, Professor Michael Mainelli presented the findings from the report, followed by a panel discussion with Tom Bolt (Lloyd's), Martin Huddleston (Dstl), Commissioner Adrian Leppard (City of London Police) and chaired by Hugh Morris (Tori Global).
Richard Pharro, CEO at APM Group said: We are now dependent on electronic networks which define our economy, infrastructure and day today lives. The issue of cybersecurity is fast moving towards a high stakes game for everyone, so it is entirely appropriate that we take robust steps towards putting the UK on a secure cyber footing. It is with everyone's prosperity and safety in mind that a publicprivate reinsurance scheme be considered to add certainty to UK plc cyber resilience. Whilst providing support for our economy against future threats an initiative such as this would raise general awareness about cyber security in the Board room.
Commissioner Adrian Leppard, the UK national policing lead for Fraud and Cyber said: Cyber insurance has a vital role to play in helping to keep society safe from the growing threat we are facing. Traditional enforcement methods have limited impact in this area and better standards for information security endorsed through comprehensive insurance models are an important means of creating a safer world for our communities.
Professor Michael Mainelli, Executive Chairman of Z/Yen and a coauthor said: Historically, insurance has taught society how to handle risks from fire to workplace safety, road accidents, and life itself. To increase the rate of learning about cyber risk, society needs to increase the rate of cyber cover. A publicprivate cyber reinsurance scheme should be measured on how rapidly it helps us learn how to deal with the cyber threats to our economic prosperity.
You might also like ...
In this video, from Ace Group, Iain Ainslie explains how Cyber Risk is changing and how it now affects most business.
Iain talks on the disruption, liabilities and the expenses associated with a security breach. He argues that Cyber Risk is no longer just an IT issue, but a top line business risk that needs to be managed at board level.