The insurance industry’s ability to respond to the needs of the marine and energy industry around cyber threats has been questioned by a leading risk consultant.
Speaking to IHS Markit, Dennis Culligan, of insurance, risk, and claim management consultancy Longdown EIC, said insurers needed to create new products for the very specific risks the maritime industry faces.
“In the marine and energy space, for so long identified as an area where firms were behind the curve on security efforts, we have witnessed a major shock with Maersk badly affected by the recent Wannacry attack,” he said. “For one of the world’s biggest shipping firms to fall foul of cyber criminals is a wake-up call to the wider international marine and energy community. However, we have to ask is the re/insurance sector providing the products that meet the needs of the client?”
Since 2013, Culligan said, cyber risk had been in the top three concerns reported by corporate risk managers in his firm’s annual survey of risk and insurance challenges.
“So far however this has not translated into a large-scale purchase of cyber-insurance products beyond the area of compensation for third-party data breach – predominantly of interest to retailers and financial service companies.
“A major concern of marine and energy companies at present is the fact that there are a myriad definitions as to exactly what constitutes a cyber-risk event across the underwriting community.”
He cites fears around the level of potential exposure, the lack of claims data, and the concerns over the ability of cyber criminals or governments to launch crippling cyber attacks behind the reluctance of insurers to assume the risks.
He believed that a standalone cyber cover was probably the better solution for the sector, as long as the cover fitted the client’s specific needs.
“At present cyber products tend to focus on third-party loss in terms of data breach and theft,” he said. “For the marine sector the much greater threat can be damage to assets and potentially catastrophic revenue loss caused by hackers, accessing Supervisory and Control Data Access [SCADA] systems.
“A second issue remains that of the level of limits of coverage available. The questions around the exposures and risk aggregation continue and as such firms have struggled to access the necessary levels of cover to meet their needs.
“The question therefore is how the market reacts, and in many ways that response will be driven by the reinsurance market. It is clear that the primary underwriters remain reluctant at best to commit to the limits that many major corporations are keen to buy and also deliver more bespoke coverages that meet the specific needs of certain sectors of the business community,” Culligan said. “Some senior market practitioners have doubted whether cyber risk should be the subject of conventional insurance at all, given the systemic nature of the exposure and the difficulty in assessing aggregations.”