The insurance industry and public sector should join forces to build resilience to catastrophic cyber events, according to a report from Zurich and Marsh McLennan.

Incentivising “cyber hygiene” and building a common framework for structured data use would “create a virtuous cycle”, they say in the paper, called Closing the Cyber Risk Protection Gap.

Such action would allow data sharing and innovation between the insurance industry and public sector, and include government incentives as an alternative to further regulation, methods to measure quantifiable catastrophic cyber risk and strategies to manage unquantifiable cyber risk through public-private partnerships. 

This would create capacity for the insurance market.

“Both the insurance industry and the public sector are urged to collaborate, share and innovate to confront the growing cyber risk protection gap, foster resilience and safeguard our society and economy from the escalating cyber threat,” the report says.  

“The expertise and capabilities currently held by the insurance sector provide strong motivation for the government to create a framework in partnership with industry.”  

Zurich CEO Mario Greco says cyberattacks pose a risk to economic stability, and catastrophic cyber events present “substantial accumulation risks [that] cannot be borne by the private sector alone.

“Enhancing cyber resilience is vital to addressing this protection gap. Achieving this requires strong public-private partnerships to develop comprehensive strategies that secure our digital future.” 

Claims volumes after a catastrophic cyber incident might overwhelm resources available, and the most pressing need is to address gaps created by war and infrastructure exclusions, the report says. Events such as critical infrastructure failure are generally considered uninsurable.

“Potentially, the framework could allow for a difference-in-condition product that is triggered when policy exclusions are applicable. It would be important to ensure that the program serves to respond to only truly catastrophic losses.”

Marsh McLennan president and CEO John Doyle says the insurance industry and the public sector must fully understand the spectrum of insurable and non-insurable cyber events. 

“Through greater collaboration, we can develop innovative solutions, inform insurance buyers, enhance the cyber insurance market, and establish robust public-private partnerships that safeguard our society and economy from potentially catastrophic cyber events,” he said.