Reflections on CrowdStrike: the need for the London insurance market to step up and tackle systemic cyber risk
Markel International president Simon Wilson on the need for the London market to fully embrace its role in cyber risk management.
The outage, caused by a seemingly benign endpoint detection software designed to protect against ransomware, exposed the fragility of our most advanced security systems and the intricate web of IT interdependencies. The incident – which will cost insurers an estimated $1.5bn in cyber payouts – reveals that while technological systems are robust, they are not infallible. The potential for more severe disruptions looms large and, just as simple code can cause extensive damage, sophisticated malware can also lead to catastrophic consequences, particularly amid today’s volatile geopolitical climate.
As the largest cyber insurance market in Europe, generating £4.5bn ($5.9bn) in GWP, London stands as the natural epicentre for cyber risk management. We must rise to the challenge, bolstered as we are by a unique concentration of cybersecurity and underwriting expertise, with nearly 600 cybersecurity product and service providers and the support of the UK National Cyber Security Centre. This ecosystem enables London insurers to partner with IT security companies to identify coverage gaps and develop products tailored to the complex and global nature of cyber risks.
Yet despite its critical role in managing and transferring cyber risks, the insurance market faces a significant challenge. The scale of potential losses from cyber incidents stress-tests the capacity of the global P&C insurance market.
If we cannot rely solely on traditional risk transfer to address this pervasive issue, how do we tackle the problem? Better IT systems and security are crucial. We also need a collaborative and concerted effort from both the private sector and policymakers. This should focus on sharing anonymised cyber incident data, harmonising regulatory and policy frameworks, and advancing scenario planning, stress-testing and economic impact analysis. The introduction of the UK Cyber Security Resilience Bill in the July’s King’s Speech marks a positive step towards improving cybersecurity standards and enforcing better security practices across organisations.
We must also attract more capital into the insurance market. This means enhancing our risk modelling capabilities and thinking more creatively about risk-sharing arrangements.
Accurate risk modelling provides investors with the confidence to allocate greater amounts of capital. Additionally, new types of solutions, such as insurance-linked securities and cyber catastrophe bonds, can help distribute the risk more broadly across capital markets. Cyber cat bonds could provide a viable solution to bridge the gap between the limited capacity of traditional insurance markets and the enormity of potential cyber losses. These bonds would offer a new avenue for capital, enabling insurers to manage large-scale cyber risks more effectively.
London is at the forefront of these developments, as demonstrated by the launch of the industry's first cyber parametric policy last year and its support for alternative capital sources. Lloyd’s of London recently issued a $100 million cat bond via its London Bridge 2 ILS platform, showcasing London’s ability to access capital markets for additional funding.
Yet, the London insurance market can achieve even more. To enhance resilience and drive progress, it must fully embrace its role in global cyber risk management—leveraging its expertise in risk identification, mitigation and loss prevention. By advancing risk modelling, attracting more capital, and fostering innovative risk-sharing arrangements, London can strengthen defences against systemic cyber risk. Policymakers interested in maintaining London’s competitive edge should support these initiatives.
We cannot let the potential for future threats immobilise us today. The London insurance market must lead with resolve, protecting our clients and the global economy from the threat of systemic cyber risk.
Simon Wilson is president of Markel International.