Zurich Insurance says that Cyber-Attacks Will Become ‘Uninsurable’

In an interview with the Financial Times, Zurich’s CEO, Mario Greco, has warned that cyber-attacks will become “uninsurable” as the disruption from hacks continues to grow. We regard this as incrementally positive for AI Cyber Security names as it will force more companies to adopt sophisticated counter measures against hackers.

Recently cyber losses have prompted underwriters to limit their exposure, with some insurers raising prices and tweaking policies. In 2022, insurer Zurich reached a settlement with Mondelez International to close a $100 million lawsuit against the insurer for refusing to pay out on cyber claims related to the 2017 NotPetya attack. Zurich had denied claims from Mondelez on the grounds that the NotPetya attack, had been a state-sponsored attack by Russia and therefore fell under its act of war exemptions.

In a similar vein, Lloyds introduced an amendment to its policies in 2022 which sought to reduce systematic risk from cyber-attacks. They did so by introducing an exemption clause is the attacks were deemed to be state-sponsored.

However, the difficulty of identifying those behind attacks and their affiliations makes such exemptions legally arduous. Cyber experts have also warned that rising prices and bigger exceptions could put off people buying any protection.

Greco states that there is a limit to how much the private sector can absorb, in terms of underwriting all the losses coming from cyber-attacks. He called on governments to set up private-public schemes to handle systemic cyber risks that can’t be quantified, like those that exist in some jurisdictions for earthquakes or terror attacks.