May 17, 2017
Last week’s WannaCry ransomware attack is not expected to be a major event for insurers, according to reports.
The attack is estimated to have hit more than 200,000 computers in 150 countries, which included those used by the National Health Service (NHS).
While it is still too early to estimate the magnitude of insured and economic losses, it seems that it won’t be as costly as initially feared, largely due to the geographical location of the attacks with Europe and Asia the worst affected.
According to the FT, companies in these regions have been slower to purchase cyber insurance than their counterparts in the US, where more firms have bought cover in response to regulatory requirements and high-profile attacks in recent years such as Target and Anthem. However, the spread of the virus was stopped before it gripped the US.
While the cyber insurance market is likely to escape largely unscuppered, The Insurance Insider reported that there could be some fallout on kidnap and ransom (K&R) policies, with experts canvassed by the publication warning that event could trigger extortion policies and may force K&R underwriters to reconsider their position.
WannaCry is likely to be a wake-up call to companies that have not yet purchased cyber cover or have been hesitant to do so in the past, with many reports that the attack has already driven a large increase in demand for cyber insurance - a grace for insurers and brokers alike.
The global cyber insurance market is growing rapidly, with premiums currently pegged to be in the region of $3bn to $4bn according to various estimates and Allianz predicting that market could grow to as much as $20bn by 2025.
Growth is likely to be fuelled by a continued incidence of cyber-attacks, as well as greater regulatory pressures such as the EU General Data Protection Regulation which comes into force next year.