“In a new report, CyberCube conducted an analysis of cyber cat events and documented over 100 global cyber aggregation events with catastrophic potential over the past six years – equating to approximately one every three weeks. The vast majority of those events were resolved by the cybersecurity community with minimal financial loss to insurers. However, CyberCube warns that while few security issues have become major (re)insurance losses, the counterfactuals on observed near-miss events suggest that far larger losses are quite plausible.”
The company notes some of the near-misses might have been catastrophic had the purpose of the hacks been the destruction of IT systems, versus the theft of information or ransomware.
It notes the trend of excluding national-state and/or systemic attacks from cyber policies should protect insurance companies when events move from “near misses” to catastrophic attacks. Of course, while that’s good for insurers, it may leave some policy holders exposed to massive losses.
This report summarizes CyberCube’s research into key catastrophe events as part of the recent launch of version 5 of CyberCube’s Portfolio Manager.
Source: Cyber Attack Event Analysis – PMv5 report