trending Market Intelligence /marketintelligence/en/news-insights/trending/jcudh_jmo6h_vayifig74a2 content esgSubNav
In This List

Cyber insurers not prepared for next NotPetya, says forensic accountant

Blog

The Big Picture 2022 Insurance Industry Outlook

Podcast

Next in Tech | Episode 37: Insurance impacts on technology and vice versa

Case Study

A Prestigious Global Business School Gains a Competitive Edge

Video

S&P Capital IQ Pro | Unrivaled Sector Coverage


Cyber insurers not prepared for next NotPetya, says forensic accountant

The insurance industry risks being unprepared when the next cyber-catastrophe hits, according to Ben Hobby, a partner at forensic accounting firm RGL Forensics.

Speaking at a Nov. 13 Insurance Institute of London lecture at Lloyd's of London, Hobby noted that 2017's NotPetya malware attack, which hit companies across a variety of industries and geographies, could have cost cyber insurers in excess of $1.5 billion, had the exposures been fully insured.

It is "safe to say" the market will suffer another event on the scale of NotPetya, he said, and although it is not clear when, he expects it to occur before the market has fully assessed the risks.

"This is where the threat to the cyber market sits — that the shock occurs before the market is ready for it," he said.

According to Hobby, understanding a company's network and databases is "absolutely critical" to identifying the risks it faces.

"The question is: Is that happening in the cyber [insurance] market? From the various conversations I have had with underwriters, claims managers and brokers, unfortunately, that isn't occurring," he said. One positive, he noted, is that the industry recognizes that it needs to close this information gap, but he added: "Is there enough premium to fund this type of risk analysis? The market feedback is: 'Not at present'."

Premiums are being driven down as more insurers jump on the cyber bandwagon in search of good underwriting profits. Hobby cited figures from broking group Aon that showed that the U.S. cyber insurance market reported a loss ratio of just over 60%, and estimated that the U.K. loss ratio would be even lower.

"The effects of this are going to be significant because that potentially results in more new entrants coming into the market, resulting in more competition, potentially resulting in lower premiums," Hobby said.