Insurers risk ‘not being there for society’ if cyber challenge isn’t met: Lloyd's Tiernan
The insurance industry risks becoming less relevant to customers if it doesn’t address the problem of cyber and should be cautious about involving the government in a Pool Re-type structure for cyber risks, Patrick Tiernan, Lloyd's Chief of Markets, has warned.
During an event hosted by the Financial Times in London, Tiernan stressed that the economic losses from a large-scale cyber attack would far outweigh the insured losses, drawing a parallel to the improbability of a worldwide flood. "Even if we take all of the extreme cyber events that we model at Lloyd's and stack them together, it's … a one in 500 million chance. The loss from that is still less than a big Cat Five [hurricane] hitting Florida," Tiernan explained.
"We are not at the point of systemic damage to the insurance industry, but we are at the point of not actually being there for society,” he warned. Only around 2% of cyber losses are currently insured.
Tiernan urged the sector to educate clients about the necessity of cyber protections and to be transparent about the limitations of what can be insured. "We need to educate on the need for these cyber protections, and we do need to be honest with folks over what we can protect and what we can't," he added.
Tiernan highlighted the need for industry and government collaboration, suggesting it is premature to expect governments to participate in a Pool Re-style backstop for cyber events.
He said: “I think that there's a rush from some areas to say well, this is all too difficult. Let's give the government a shot and see if they can get out their chequebook. I think it's too early for that.” He said the insurance industry has yet to do the necessary modeling and the necessary client education. “I don't think we've actually engaged with customers to the extent that we need to. That's the work that we should be doing,” he added.
Tiernan cited discussions with intelligence communities indicating that up to 91% of cyber attacks could be prevented with better cyber hygiene, likening it to the use of seat belts and helmets. "When we were going through all this and speaking with intelligence communities, their numbers say that somewhere between 85% and 91% of all cyber attacks are preventable with better cyber hygiene," Tiernan said. "That's the equivalent of seat belts in cars and helmets on a motorcycle."
The FT panel also touched on the early stages of cyber risk management and the need for a collective industry approach to share risks. Baroness Nicky Morgan, chair of the Association of British Insurers, agreed with Tiernan's assessment, noting that while there is significant work underway, consumer appetite for comprehensive cyber insurance remains limited.
"A lot of the thinking on this is at quite early stages," she said. "It's a huge issue for boards and comes up all the time, but in terms of consumers, it's almost like it's in the 'too difficult' box."
The session also addressed concerns about the affordability and adequacy of cyber insurance products. While acknowledging improvements in defining cyber insurance coverage, speakers noted that the market is still evolving.
"The industry has done a pretty good job getting to a defined product," WTW chief executive Carl Hess noted. "Is it as all-encompassing as what had been implicitly in place before? No, it's not, but that was a stable environment. You can't have implicit cyber coverage as part of everything in the world we live in now."
