Insurers will need to be proactive in exploring options for sharing cyber risks with governments as hostile activity increases the challenges of providing cover, the Geneva Association says.

The Swiss-based insurance economics research group says a protection gap exists for state-sponsored cyber attacks that stop short of outright military conflict.

It refers to the attacks as hostile cyber activity (HCA) and says some form of public-private partnership (PPP) or government backstop may be needed to help the industry cover the full scope of risks in the cyber arena as demand for protection rises.

“To expand the limits of insurability, insurers need to be proactive in assessing feasible options for sharing cyber risks, including with governments via PPPs,” it says.

“Such collaborative efforts between insurers and governments will enable cyber protection gaps to be narrowed and ensure the full societal benefits of cyberspace can be realised.”

The report points to a number of evolving threats and vulnerabilities for businesses, including the shift to a cloud environment.

“Notably, only a handful of large companies provide the vast majority of cloud computing capacity, such as Amazon Web Services, Microsoft Azure or the Google Cloud,” it says.

“Market concentration among a few large cloud providers presents a concerning illustration of a potential ‘single point of failure’ in the cyber domain, although thankfully the risk of a massive outage has so far not crystallised.”

The Geneva Association says re/insurers have recently sought to tighten policy language and withdraw risk-absorbing capacity, prompting a sharp increase in premium rates.

The report is available here.