Rupert Alabaster, Director BMS Professional & Financial Services, responds with his thoughts following the US report on China’s cyberwar skills, a risk to military – profiled by BBC News, 8 March 2012. Rupert will be establishing a regular blog on the themes of Cyber Risk, Intangible assets and the insurance market.
There is more and more talk of the next confrontation being fought in cyberspace rather than with soldiers. Certainly, there is a concern that key infrastructure from utilities and government through to emergency-responder networks and banking systems maybe targeted.
And it will not obviously be one nation state versus another, at least on the surface. Rather all sorts of cyber groups may be at work infiltrating systems, manipulating, stealing and changing data.
As more and more companies become aware that it is not just a lone hacker sitting in their bedroom that could be interested in what is on their servers, there is a much heightened focus on cyber security. In turn, risk managers are being asked to buy cyber insurance as protection against security breaches. But – and it is a big but – cyber insurance policies are not all the same and few, if any, are specifically designed to protect against a coordinated attack on behalf of a State.
The problem is that most cyber policies carry a version of the traditional War/Terrorism exclusion. They vary in their language but generally the intent is not to cover coordinated State or politically motivated attacks. And with the US declaring that State coordinated cyber attacks could constitute an act of war (BBC News, 1 June 2011) you can bet that underwriters will look closely at this exclusion in the event of a big claim.
Cyber is not only the new front for war and criminal activity, it is also at the vanguard of new risks being identified and insurances designed. It is early days and the present crop of coverages have a long way to go before risk managers can sleep easy at night.
Click to view the BMS Wholesale, Professional and Financial Services homepage