Captive.com logo

Captive Insurance News

The COVID-19 Pandemic: Opportunities and Implications for Captive Insurance

The COVID-19 Pandemic: Opportunities and Implications for Captive Insurance

A FREE 12-page special report from Captive.com

The COVID-19 Pandemic: Opportunities and Implications for Captive Insurance explores the challenges presented by today's business and economic upheaval, as well as the hardening insurance market, and what it means for the captive insurance industry.

Show Me My Free Report

Systemic Cyber Attacks Likely in 2017, According to AIG Cyber Risk Study

Cyber Hacking-SF
May 11, 2017

Nine in 10 global cyber security and risk experts believe that cyber risk is systemic and that simultaneous attacks on multiple companies are likely in 2017, according to the Is Cyber Risk Systemic? study issued by American International Group, Inc. (AIG).

More than half of survey respondents say a simultaneous attack on 5–10 companies is highly likely in the next year. More than one-third estimate the likelihood of a simultaneous attack on as many as 50 companies at greater than 50 percent. Twenty percent see an even greater threat, predicting a better than even chance that as many as 100 companies will be attacked.

AIG’s survey of cyber security and risk experts was conducted to gain a deeper understanding of the likelihood and impact of a globally systemic cyber attack. The survey follows several high profile systemic cyber events, including the Dyn Denial-of-Service (DDoS) and MongoDB ransomware attacks.

Tracie Grella, AIG’s global head of cyber risk insurance, said, “While data breaches and cyber-related attacks have become more prevalent for individual businesses, concern about systemic cyber attacks is on the minds of those in the very community dedicated to analyzing and preventing this threat.”

The leading industries identified by experts as most likely to experience a systemic attack this year are as follows.

  • Financial services (19 percent)

  • Power/energy (15 percent)

  • Telecommunications/utilities (14 percent)

  • Healthcare (13 percent)

  • Information technology (12 percent)

Financial networks or transaction systems, internet infrastructure, the power grid, and the healthcare system would be vulnerable in attacks on these industries. Information technology companies, including software and hardware providers that support the backbone of the digital economy, were also seen as particularly susceptible.

“Our highly-networked economy relies on secure, expedient, and constant data flow and electronic communication,” said Ms. Grella. “Disruptions to the flow and security of data can have cascading impacts and negatively impact institutions that rely on such data.”

Asked to rank specific scenarios, respondents selected a mass-distributed DDoS attack on a major cloud provider as the most likely cross-sector mega event. For data theft or destruction scenarios, flaws in hardware or software widely used by the industry are most concerning.

The top three likely scenarios selected by experts are summarized below.

  • Financial services: 15 companies breached; mass business interruption; mass DDoS coordinated against financial institutions

  • Healthcare: 10 companies breached (e.g., hospital, pharmacy, insurer); mass data theft; flaw in commonly used electronic medical record software

  • Retail/hospitality: 25 companies breached; mass data theft; flaw in widely used payment processing software/hardware

The worst-case scenarios that were of greatest concern include the following.

  • Cyber cat-and-mouse war games, retaliation, and escalation to conventional battle between prominent nation states

  • A power grid attack during times of system stress with widespread impact on the population

  • A significant attack on telecommunications and utilities infrastructure that has a widespread impact on essential services

In December 2016, AIG surveyed 70 cyber security, technology, and insurance professionals focused on cyber risk in the United States, United Kingdom, and continental Europe to gain a deeper understanding of their views on the likelihood and impact of a systemic cyber attack. While the sample is small, it does represent a substantial set of key thought leaders and risk management experts in the cyber risk and cyber insurance fields. Recipients included chief information security officers, technology experts, and forensic investigators, as well as cyber researchers, academics, insurance-brokers, underwriters, and risk modelers.

Captive Insurance Company Reports
Follow Captive.com on Twitter

Twitter Feed