As in the US, the discussion turns on the threat of a catastrophic “systemic” cyber attack, which could generate $3.5 trillion in “global economic damage” according to a recent model prepared for Lloyd’s of London (which has been tightening its war exclusions.)
The UK established a backstop decades ago for terrorism coverage after IRA attacks sent re/insurers scrambling away from the market.
“With this in place, insurers returned to the terrorism insurance market,” the Financial Times reports, “and the scheme has paid in excess of £1.25bn in claims, adjusted for inflation, over its lifespan, without having to call on its guarantee. Last week, Pool Re celebrated its first 30 years with senior industry figures in the reinforced bunker of the Churchill War Rooms. The current debate is whether incumbents at the Treasury, just above ground at the same site, should give Pool Re a new job for its fourth decade, widening its scope to share insurer losses in the event of a systemic cyber attack.”
The US did something similar after 9/11, when it established TRIA/TRIP. The Biden Administration is considering a backstop for cyber insurance, which supporters assert would have multiple benefits, including attracting more capital into the cyber re/insurance markets. Critics have questioned the need for such a program and, if one is required, cast doubt on creating it in the image of TRIA/TRIP.
The Financial Times report is worth a read even for American participants in the cyber insurance market, including for a dissenting opinion from a former CIA analyst on the actual risk of a massive “systemic” attack.