In his most recent book, Lights Out: A Cyberattack, A Nation Unprepared, Surviving The Aftermath, Ted Koppel explains that a catastrophic cyber-attack on America’s power grid is on the horizon and our nation is severely unprepared for it. Throughout his book, Koppel claims that the bureaucracy is “moving slowly and with poor focus” as cyber criminals are constantly finding new and advanced ways to prey on its victims. While it is clear our nation as a whole must do more when it comes to prevention, mitigation, response and resiliency, a recent Risk & Insurance magazine article investigates potential losses from a catastrophic cyber-attack and the role the insurance industry can play if one were to occur.
Accurately quantifying potential losses for this type of attack is difficult at best due to protected and classified information but nonetheless, a 2015 Lloyd’s of London/University of Cambridge report suggests a hypothetical worst case scenario could result in $243 billion to $1.24 trillion in direct and indirect losses with between $21 billion and $71 billion in estimated insurance industry losses. However, there are currently not enough stand-alone cyber limits to pay for such losses because “many property and general liability insurers are inconsistent and/or hesitant to cover cyber exposures” due to insufficient actuarial data. As a result, Kevin Kalinich of Risk & Insurance suggests we break the barrier between general liability and cyber groups to develop a “combined all-risk policy that combines the actuarial data of property losses with cyber experts to identify and quantify frequency and severity.” By doing so, we can learn from natural weather incidents and terrorism threats to improve preparedness and reduce potential losses from a cyber-attack.