Cyber-risk is a dynamic and unstable risk that today is poorly managed in general by public and private sector companies. Demonstrated by the frequency, complexity and severity of cyber attacks; the ability of the insurance industry to economically underwrite and mediate cyber insurance claims, and recent interventions by the US government in cyber legislation and cyber regulatory enforcement.
The enclosed paper discusses the dynamic and evolving nature of cyber-risk and its transition from an extreme loss to an expected loss event. The failure of market forces to mitigate cyber-risk and the increased involvement of governments in the creation of cyber legislation and regulatory enforcement regimes. That when combined create significant challenges for the insurance and reinsurance industry in providing suitable policies, to manage cyber-risk. Without which significant pressure will be placed on the private sector as insurance costs increase and coverage falls, eroding a traditional risk mitigation tool. As demonstrated by increased insurance loss ratios (avg. 67% 2020), increased premiums and reduced insurance coverage following the rise in ransomware attacks.