Exclusive | Lloyd’s of London chief warns cyberattack is now the insurance sector’s main battle ground
Head of 332-year-old insurance market urges businesses to defend themselves better against serious cyberattack
Lloyd’s of London, the world’s oldest insurance market, has warned that financial and other companies are still not taking strong enough measures to defend themselves against serious cyberattack.
In Hong Kong this week, taking part in the Asian Financial Forum, its Chief Executive Inga Beale said a malicious hacker who takes down a single cloud service provider, for instance, could easily end in losses of well upwards of US$50 billion.
But it could be double that, as the insurance industry still hasn’t got enough experience of dealing with how pricey such cyber raids really could be.
While attacks on computer operating systems run by a large number of businesses around the world, could end up causing companies losses of US$30 billion, leaving big business or even governments highly exposed.
Describing those cost consequences as probably even on the conservative side, Beale said natural disasters are no longer the biggest threat to insurers – successful cyberattackers are.
She uses the examples of US hurricanes Sandy (2012), and Katrina (2005). The latter racking up losses estimated at US$108 billion, of which US$80 billion was covered, and the former US$50-70 billion – illustrating her point of how just one well-orchestrated series of cyberattacks could cause catastrophic damage to the global economy.
Its figures suggest currently that only 17 per cent of this new age of business functions can be insured, and those costs of cyberattacks are just estimates, as the insurance industry is still to get a proper handle on calculating their potential damage.
Lloyds, a collection of syndicates first formed in 1686, is still the most respected name and expert in the industry, and has published a hard-hitting 56-page report, “Counting the cost: Cyber exposure decoded”, underlining just how expensive cyberattacks have spiralled in frequency, and how they are expected to keep growing in number, and severity, over the next decade.
While storms battered both the US and China’s south coast, including Macau and Hong Kong, recently have caused record high payouts from the insurance industry, Beale said the numbers pale when compared with what havoc and cost could be inflicted if companies do not do more to build up their cybersecurity defences.
But instead of tackling the problem head-on, Beale told South China Morning Post that too few companies have yet to take action against countering these mystery attackers, and that the insurance industry itself is still very much in its infancy in developing policies which could be taken out to pay for the consequences.
“There are substantial insurance gaps, as a majority of cyber risks are not covered by any form of insurance. Just like natural catastrophes, cyber events such as hacker attack or internet failures can cause severe impact on businesses and economies,” she said.
She added the insurance sector has centuries of experience covering properties and people against hurricane winds, storms or earthquakes, but cybersecurity issues and massive technology failures have only really come along in the past few years.
There are substantial insurance gaps, as a majority of cyber risks are not covered by any form of insurance. Just like natural catastrophes, cyber events such as hacker attack or internet failures can cause severe impact on businesses and economies
This year’s forum in Hong Kong highlighted fintech as an area in which Hong Kong can excel.
Chief Executive Carrie Lam Cheng Yuet-ngor said the Hong Kong Monetary Authority and other financial sector bodies in Hong Kong are working flat out to promote Hong Kong as one of the most innovative when it comes to battling against cyberattack.
Beale confirmed that Lloyds is already working directly with major insurance companies on ways to counter cyberattack, and believes this is now the sector’s most pressing priority.
She also pointed out, however, that sometimes the cyber risk is not the sophisticated work of hackers, but often involve a company’s own employee.
“If an employee presses the wrong button, it may bring the whole system down. Staff training is thus of upmost importance to handle such risks,” she added.
Lloyds was famously started in a tea shop in London and has covered everything from superstars’ body parts to singers’ voices.
It has strong links with Hong Kong, and the mainland, where is has worked as a reinsurer for 10 years generating respective revenues last year of US$200 million, and US$300 million. It also has operations in Singapore, Japan and India.
Beale says Asia remains its “focus of expansion as the region has strong economic growth,” particularly as the hundreds of infrastructure and other projects expected to be linked with the Belt and Road Initiative come on stream.”
