This is a statement that has not gone unnoticed. Mario Greco, head of the insurance company Zurich, told our colleagues at Financial Timesassesses that the cyber risk will become uninsurable.
He is particularly concerned about the threat of a takeover of “important parts of our infrastructure” by attackers: “it is necessary to [comprendre] that it’s not just about our data; it is a question of civilization. These [attaquants] can seriously disrupt our lives. For Mario Greco, it is very simple: there is a limit to what the private sector can absorb in terms of covering losses caused by cyber attacks.
Therefore, the Zurich chief calls on governments to “put in place private-public mechanisms to deal with systemic cyber risks that cannot be quantified, such as those found in certain jurisdictions for earthquakes. or terrorist attacks”.
This exit comes at a time when several groups have recently set up a captive reinsurance company, starting with Publicis in mid-October, with the stated aim of helping it cover some of its cyber and civil liability risks.
The term “cyber” had not been uttered Bonduelle and Seb in 2021 when they announced the creation of their reinsurance captive. But it’s hard not to see that, between the lines, when concerns about the costs associated with covering those risks had already surfaced. All this against the background of a significant imbalance, highlighted by AMRAE, between compensation paid in 2020 and contributions collected.
For their part, Airbus, BASF and Michelin have not hidden the role of cyber risk and their insurance option to justify the creation at the end of September of their captive mutual insurance company with Adeo, Sonepar, Solvay and Veolia: Miris Forsikring .
Recently, Miguel de Oliveira, president of Aisi, gave an illustration of the situation in a post on LinkedIn, in which he evoked a client who asked him “is it normal to have a 276% increase in his cyber insurance”. Not to mention increasing technical requirements such as the implementation, within 6 months, of multi-factor authentication (MFA) and an EDR tool (Endpoint detection and response). Perhaps a response to requirements that are sometimes insufficient in relation to the evolution of the threat.
John Neal, managing director of Lloyd’s, analyzed it in early November in the columns of Financial Times : for him, cyber insurance has “been undervalued”, which led to insurers recording losses on these products in 2018 and 2019. From then on, prices could only rise to “reflect the exposure more sensibly”.
Mario Greco is therefore not the first to make such statements or to call for the establishment of public-private mechanisms to deal with the issue of systemic cyber risks. Frédéric de Courtois, Deputy CEO of AXA, had already done it in the fall of 2021 … and even a year earlier.