The UK should set up a public-private cyber-catastrophe reinsurance scheme, a new industry report says.

“Cyber risk has the potential to be the biggest, most systemic risk I have encountered in my insurance career,” XL Catlin Executive Deputy Chairman Stephen Catlin says in the paper.

“It is big because the information and telecommunications revolution of the past half-century means computers are now used for practically everything.”

The report says the British Government could extend its Pool Re flood concept to cover cyber catastrophe, using a separate scheme under the same management.

Mr Catlin warns insurers’ balance sheets are not large enough to cover a true cyber catastrophe.

A major computer outage due to cyber terrorism, power failure or a solar storm could lead to massive property damage and business interruption, the report says.

“Our potential nightmares range from destruction of the contents of all freezers to massive pile-ups of autonomous vehicles, to interference with medical devices implanted in people.”

A reinsurance scheme would provide cover to insurers above a catastrophic loss threshold, and be funded by the insurance industry.

The Government’s role would be promotion and possibly last-resort insurance if industry retentions and scheme reserves were exhausted.

It would facilitate but not underwrite the scheme’s reinsurance. The Government could help the issuance of cyber-catastrophe-linked bonds.

Cost estimates for single cyber events range from £2 billion ($4.23 billion) to £20 billion ($42.3 billion).

The report was compiled by the Z/Yen Group in collaboration with the Association for Project Management.

Z/Yen carried out 80 interviews, mostly with insurance and reinsurance professionals. The Centre for the Study of Financial Innovation hosted a roundtable in June to discuss cyber insurance.

The proposed pool would provide more standardised wordings, linking cyber catastrophe to the policies insurers write, and more standardised data collection for analytical purposes.

It could also promote the use of risk management standards.

The report says insurance regulators could strongly encourage membership of such a scheme, and members could jointly seek reinsurance for cyber catastrophes, including cyber-catastrophe-linked securities.

Also see ANALYSIS