WannaCry cyber attack could result in economic loss of US$8 billion | Canadian Insurance

WannaCry cyber attack could result in economic loss of US$8 billion

Insurers' exposure to losses tempered by fact that many are still cautious in providing cyber coverage, says A.M. Best

The recent WannaCry cyber attack could result in an estimated economic loss of US$8 billion, of which insurers are likely to be on the hook for a portion of that loss, according to Cyence, a cybersecurity firm cited in a briefing by A.M. Best.

However, losses felt by insurance companies will be tempered by the fact that the industry still has a “cautious and tepid position in cyber,” states the briefing. And A.M. Best notes that it will take “some time” to determine the actual economic loss.

WannaCry hit more than 300,000 computers in 150 countries and demanded a ransom of US$300 to US$600 per user, with the aggregated total leading to a sizable loss. In addition, the aggregated total still does not account for the potential for class action lawsuits and the cost of loss of data and revenue.

Although costly, “the insurance industry can also benefit from this attack, if it leads to a better ability to devise and craft appropriate policies with clear definitions and language, to attain the desired level of protection and coverage for policyholders,” the briefing states.

Further, the report suggests that although WannaCry was unique in its size and speed, it is still an example of the growing risk of cyber attacks, which are increasing in frequency and scope: “Attacks of this nature—globally coordinated and likely more far reaching—may become more the norm rather than the exception.”

As the insurance industry responds, the ratings agency says it will evaluate insurers’ exposure to cyber based on their overall approach to risk management and, in particular, “whether an insurer has the ability and the wherewithal to manage a particular risk—the complexity of risk and the tools [that] management uses to underwrite and manage the risk are key components in our evaluation.”