We’ve reported extensively on the insurance industry’s fear of “cyber war;” debate over exclusions for state-backed, systemic cyber attacks; moves by governments to backstop the cyber insurance industry for massive attacks; and the challenges of current modeling of risk accumulation and catastrophic cyber events.
Now comes a contrarian view from a leading cyber risk risk expert. “Unrealistic fears of cyberwar influence the capital requirements that reinsurers have with regard to cyber-war risk. With fears of the risk inflated, the expectation of how much capital reinsurers would have to hold to ensure they would meet their obligations in the event of a cyberwar increases. These high capital requirements limit the amount of cyber risk that reinsurers can assume, acting as a further constraint on their ability to write more cyber insurance—which effectively limits the overall amount of cyber insurance that can be offered,” writes Tom Johansmeyer, former head of PCS, which does catastrophic loss data collection and analysis at Verisk, a Ph.D. candidate at the University of Kent, Canterbury, and US Army veteran. See his bio and read his report here.
We think this is a must-read, starting with its sober analysis of the real lessons about cyber war so far from the Ukraine/Russia conflict. Related: Johansmeyer’s analysis of the “reversibility” of cyber war attacks versus “kinetic” strikes.