Cyber Insurance: Rising Importance Amid Major Outages

Frequency and Impact of Major Cyber Outages

Major cyber outages are increasingly frequent and impactful due to heightened geopolitical stress, the widespread adoption of remote work, and reliance on cloud services. Specific instances, such as a recent Microsoft outage linked to a software update, underscore the critical need for robust cybersecurity measures.

"We launched our Secure Future Initiative last fall for this reason, bringing together every part of the company to advance cybersecurity protection, and we are doubling down on this very important work, putting security above all else, before all other features and investments." --- (MSFT, earning call, 2024/Q3)

"security. I don't think that's necessarily based on technical debt. Within security, I think it's based on the world we live in and some of the geopolitical stress that's out there that seems to be getting worse, not better at this point." --- (CSCO, conference, 2024/05/20)

"One notable effect is the widespread adoption of remote work, which has led to an increased reliance on cloud-based services and a heightened awareness of cybersecurity risks." --- (IBM, press release, 2024/05/23)

"What happens this year, a major election year? If races around the world are manipulated by bad actors generating mis and disinformation through Meta's AI products and spewing it across Instagram and Facebook, the consequences could be devastating." --- (META, event transcript, 2024/05/29)

"The outage was quickly linked to a software update issued on Microsoft Windows systems by the cybersecurity company CrowdStrike." --- (MSFT, press release, 2024/07/26)

Economic Consequences of Cyber Outages

Cyber outages pose significant economic risks, particularly with increased cloud adoption and the complexity of cyber threats. Financial institutions highlight the potential disruptions in consumer spending and financial transactions, emphasizing the need for substantial cybersecurity investments to mitigate these risks and ensure economic stability.

"So we're not even talking about that anymore. And that's why we should be forward looking, thinking about the real risk systems, which you see are cyber. And of course, as people go to the cloud, it creates a whole new level of cyber risk, which you've seen already if you read some of these announcements coming out." --- (JPM, event transcript, 2024/05/20)

"So a couple of things I think would be interest to your colleagues here. Number 1, if you look at what we talk about a lot is the spending, the money moving through the consumers' accounts, which is $4,000,000,000,000 plus a year, which is money moving out in the economy, cash out of the ATMs, checks written, settle payments, debit and credit cards." --- (BAC, conference, 2024/05/30)

"And here size becomes a real advantage because you can afford to get ahead of cyber scenarios and bad actors and state of the art surveilling." --- (MS, conference, 2024/06/10)

"And the complexity of cyber and the risk of the development of cyber and our investment in cyber was going to be a good marketing tool that will help us to consolidate our market share and the industry will consolidate.The other thing that was happening at the time, it was very, very hot in this space, the fintech where the incentive for these companies was to invest as much as possible to grow the top line and forget about the bottom line." --- (JPM, event transcript, 2024/05/20)

"While all of these events and associated instability have serious ramifications to our company, colleagues, clients and countries where we do business, their consequences on the world at large are far more important.JPMorgan Chase is a company that historically has worked across borders and boundaries and continue to do its part to ensure the global economy is safe and secure." --- (JPM, event transcript, 2024/05/21)

Risk Mitigation Through Cyber Insurance

Cyber insurance mitigates risks by covering losses from cyber-attacks, including property damage, data breaches, and business interruptions. Regulatory frameworks like the EU's DORA mandate robust risk management, emphasizing the importance of cyber insurance in protecting against operational disruptions and intellectual property threats.

"Catastrophe insurance risk is the exposure arising from both natural catastrophes (e.g., weather, earthquakes, wildfires, pandemics) and man-made catastrophes (e.g., terrorism, cyber-attacks) that create a concentration or aggregation of loss across the Company's insurance or asset portfolios." --- (HIG, sec filing, 2024/Q2)

"Technology and Intellectual Property Risks as a result of cyber attacks (the risk of which could be exacerbated by geopolitical tensions) or otherwise, the Company may experience difficulties with technology, data and network security or outsourcing relationships; the Company's dependence on effective information technology systems and on continuing to develop and implement improvements in technology, including with respect to artificial intelligence; and the Company may be unable to protect and enforce its own intellectual property or may be subject to claims for infringing the intellectual property of others. Regulatory and Compliance Risks" --- (TRV, press release, 2024/07/19)

"In the European Union, the EU Digital Operational Resilience Act (DORA) will require covered entities, including insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries, other than micro-, small, or medium enterprises, to comply with a wide range of organizational and technical requirements to identify, manage and mitigate operational risk arising from use of network and information systems and, in particular, the use of third party ICT service providers. Covered entities will be required to comply with DORA by January 2025." --- (AIG, sec filing, 2024/Q1)

"• Cyber Insurance - Risk of loss to property, breach of data and business interruption from various types of cyber-attacks." --- (HIG, sec filing, 2024/Q1)

"Financial Lines: Products include professional liability insurance for a range of businesses and risks, including directors and officers, mergers and acquisitions, fidelity, employment practices, fiduciary liability, cyber risk, kidnap and ransom, and errors and omissions insurance." --- (AIG, sec filing, 2024/Q1)

Regulatory Landscape and Compliance

The evolving regulatory landscape, particularly in the EU and US, poses significant compliance challenges and risks for tech companies like Google, Meta, and Amazon. Ensuring regulatory compliance is crucial to protect business operations, financial results, and workforce reputation, underscoring the rising importance of cyber insurance.

"As the regulatory landscape continues to evolve globally, failure to comply with relevant regulation may lead to significant risk to the company." --- (GOOG, event transcript, 2024/06/07)

"In addition, we continue to monitor an active regulatory landscape, including the increasing legal and regulatory headwinds in the EU and the US that could significantly impact our business and our financial results." --- (META, earning call, 2024/Q1)

"Supporting proposal 17 will protect our workforce, ensure regulatory compliance and enhance our reputation." --- (AMZN, event transcript, 2024/05/22)

"In the mid-teens. In addition we continue to monitor an active regulatory landscape, including the increasing legal and regulatory headwinds in the EU and the US that could significantly impact our business and our financial results." --- (META, earning call, 2024/Q2)

"In addition, we continue to monitor an active regulatory landscape, including the increasing legal and" --- (META, earning call, 2024/Q1)

Technological Advancements in Cyber Insurance

Investments in cybersecurity innovation and R&D, collaborations like AWS and AXA's global B2B risk management platform, and technologies such as HyperShield are driving significant advancements in cyber insurance, enhancing the ability to counter sophisticated threats like Advanced Persistent Threats (APTs).

"Investments in Cybersecurity Innovation and R&D Investments in cybersecurity innovation and research and development (R&D) are driving advancements in military cyber defence technologies, tools, and techniques to counter evolving cyber threats and vulnerabilities." --- (CSCO, press release, 2024/04/05)

". @awscloud and global insurance leader @AXA are joining forces to develop the first global B2B risk management and prevention platform to help customers navigate complex risks like natural disasters and cyber threats." --- (AMZN, Twitter, 2024/04/10)

"Emergence of Advanced Persistent Threats (APTs) Advanced Persistent Threats (APTs) are sophisticated cyber-attacks conducted by well-funded and highly skilled adversaries, such as nation-state actors and cyber espionage groups, with the intent to infiltrate, exfiltrate, and persist within targeted military networks for extended periods without detection." --- (CSCO, press release, 2024/04/05)

"So when you think about security in this world, security in an environment that's so distributed, the entire architecture has to change, which is why we have to create enforcement points throughout the network.And that's what technologies like HyperShield are going to do for us." --- (CSCO, Investor Day, 2024/06/04)

Future Outlook and Market Developments

As networks and multicloud environments become increasingly critical, investments in cybersecurity are driving positive market sentiment, indicating a growing demand for cyber insurance.

"Strategy and Priorities As our customers add billions of new connections to their enterprises, and as more applications move to a multicloud environment, the network becomes even more critical." --- (CSCO, sec filing, 2024/Q3)

"And I think we've overall the entire leadership team, we've invested a lot of dollars into this and you're starting to see meaningful change in sentiment in the market from both partners and customers alike." --- (CSCO, conference, 2024/05/07)