Cyber insurance gap leaves firms vulnerable to digital threats
A new Bank for International Settlements (BIS) paper reveals a significant protection gap in cyber insurance, with only 1 percent of global economic cyber losses currently covered. Small and medium-sized enterprises (SMEs) are particularly vulnerable due to underinsurance.
The escalating digital threat
In an increasingly digitalised world, cyber risk poses a significant threat to financial and economic stability, amplified by emerging AI-driven threats.
Cyber incidents, ranging from malicious attacks like ransomware and data breaches to non-malicious causes such as technical malfunctions and human error, can disrupt critical infrastructure, global supply chains, and payment systems, leading to cascading failures across interconnected institutions.
The financial sector is particularly exposed to these acute risks, necessitating robust mitigation strategies.
Despite the escalating threat, the disconnect between rising cyber risk and the use of cyber insurance as a mitigation tool is remarkable, leaving a critical vulnerability in economic resilience.
Market challenges and ambiguities
The cyber insurance market faces significant challenges, including ambiguous policy terms and the issue of 'non-affirmative' or 'silent cyber' coverage, where risks are neither explicitly included nor excluded.
This ambiguity creates uncertainty for policyholders, as many losses have been claimed under traditional property policies not designed for cyber risks.
Furthermore, pricing cyber insurance is complex due to limited historical data, the rapid evolution of threats, and the interconnectedness of digital ecosystems.
Traditional actuarial models struggle with the non-stationary and systemic nature of cyber risk, leading insurers to rely on advanced scenario analysis and cyber catastrophe models.
Accumulation risk, particularly from correlated tail events like cloud outages or widely exploited vulnerabilities, also poses a major concern for underwriting, potentially threatening insurer solvency.
A digital safety net with gaping holes
This BIS paper underscores a critical, growing vulnerability in the global financial system, revealing that cyber insurance, while essential, is far from providing comprehensive protection.
The vast 'protection gap' means a significant portion of economic cyber losses remains uninsured, exposing firms and economies to severe, unmitigated disruptions.
Addressing this systemic risk requires a concerted multi-stakeholder effort, extending beyond traditional insurance to include enhanced cyber hygiene, regulatory clarity, and public-private partnerships.