Risk Management

There’s a massive cyber risk protection gap

Industry giants say cyber risk may need government involvement.

Insurance firms, technology companies, and governments, assemble! It’s time for an Avengers: Endgame-style battle against the world’s cyber threats.

Minus the MCU reference, that’s more or less the message that insurance carrier Zurich and insurance broker Marsh McLennan convey in a new white paper.

“Cyber threats are outpacing the ability of traditional insurance and risk management approaches to fully mitigate them,” according to the paper’s foreword, signed by Marsh McLennan president and CEO John Doyle and Zurich Group CEO Mario Greco. “The resulting cyber risk protection gap is a societal challenge that urgently needs collective action from both the insurance industry and the public sector.”

What’s at stake? Cybercrime is expected to only get more expensive, and quickly. The global cost of cybercrime could exceed $13.8 trillion in 2028, according to Statista research. And while it’s true that cyber insurance has made strides to help organizations cover this growing risk—reinsurer Munich Re predicts the global market will be approximately $29 billion in 2027—the cyber market protection gap (the chasm between insured and uninsured losses) was roughly $900 billion, according to a 2023 report by the Global Federation of Insurance Associations.

The solution(s). Marsh McLennan and Zurich recommended that, in order to address this massive cyber protection gap, organizations become more resilient to cyberattacks, the insurance industry address quantifiable risk, and a public-private partnership potentially manage unquantifiable or uninsurable risk.


Particular attention should be paid to small and midsize businesses, which are often underinsured and unprepared for cyber risks due to resource constraints, according to the white paper.

Inquiring minds may wonder why insurance companies can’t cover all cyber risks, and why they would need help from the public sector. According to the report, “a loss event could have such severe financial accumulation potential that financing by the traditional or alternative (re)insurance markets could become challenging.”

Government has stepped in before to help plug protection gaps, the two insurance firms noted. For example, there’s the US government-backed National Flood Insurance Program (NFIP), which provides homeowners and businesses with flood policies. Also, following the terrorist attacks of Sept. 11, 2001, lawmakers created a backstop that allowed insurers to access terrorism reinsurance coverage through the Terrorism Risk Insurance Act.

“Cyber risk is now akin to these other risks,” Zurich and Marsh McLennan noted in the report. “The need for a public-private approach for cyber risk has emerged from the continuing transformation of the digital economy, the blending of physical processes with virtual control, and the growing role and expanding capabilities of new technologies, most recently, generative AI.”
