There are warnings that the world’s cyber (re)insurance sector is to be pushed to the limit by a new wave of nation-state backed cyber-attacks in the final three months of the year.
As reinsurers look to Monaco for the annual reinsurance rendezvous at the end of the week cyber risk analytics specialist CyberCube, has warned nation-state cyber threat activity will push the boundaries of war exclusion language.
In a report published today the company identifies what is views at the global “bot zones” for cyber threats with a view that the final quarter of the year will herald a new era for such events.
William Altman, Cyber Threat Intelligence principal, CyberCube, explained: “Nation-state cyber hot zones offer a glimpse into the potential future of cyber war. In Q4 2023, CyberCube expects to see nation-state cyber threat actors conduct themselves in ways that push the cyber (re)insurance industry to consider the limitations and strengths of current war-exclusion language deeply.”
The company said the report examines selected nation-state cyber hot zones to gain insight into the potential cyber (re)insurance impacts of future cyber wars. It monitors these hot zones for evidence of cyber-attacks bridging the divide between digital and physical impacts.
The research “CyberCube’s Global Threat Outlook: A perspective on the threat landscape for Q4 2023” also highlights how the combination of CyberCube’s Exposure and Security Scores paints a clear picture of industry-level differentiated cyber risk opportunities. The highest-risk sectors to keep an eye on in Q4 include Professional Services and Healthcare, which it said are both under-secured relative to the threats they face and make attractive targets, with high levels of sensitive data — leaving companies vulnerable to ransomware and extortion tactics.
The report added that while there has been substantial progress and momentum achieved this year, including, in March, Lloyd’s of London rolling out an exclusion for cyber war and severe state-backed attacks, the reinsurance market is yet to settle on a consistent approach that is acceptable to all stakeholders.
Yvette Essen, CyberCube’s head of content, communications & creative, said: “The approaches currently being adopted carry significant uncertainty, mainly due to the complexities surrounding the attribution of cyber incidents and the scarcity of historical parallels. By striving for consistency and clarity, we can bolster confidence in the cyber reinsurance sector, shielding it from the impact of outlier events, while reinforcing the overall value of cyber insurance products.”
Reinsurers are expected to take a tougher stance on cyber risk in the upcoming reinsurance renewals on 1 January 2024, with the current quota share agreements which have seen reinsurers provide primary market capacity likely to be renegotiated. Reinsurers are expected to use next week’s rendezvous to spell out their appetite for cyber cover which is expected to see insurers required to assume more of the risks before any reinsurance capacity is deployed.