Chubb CEO Greenberg Stresses Need to Address Ransomware and ‘Systemic’ Cyber Risk

August 16, 2021 by

Chubb Chairman and CEO Evan Greenberg is doubling down against outlawing ransomware payments to address the growing threat of ransomware. He appears to make an exception, however, for cryptocurrency payments.

“While I don’t think the government should outlaw ransomware payments at this time, I do think we ought to be looking at whether we allow crypto payments. Because who are you paying, terrorists?” Greenberg said during the company’s second quarter earnings call in July.

By Greenberg’s argument, victims should be obligated under current anti-money-laundering laws to get permission from the U.S. Department of the Treasury to make a ransomware payment.

“We should be removing the incentive out of the system for ransomware attacks, which are all about money for the most part, and unmask what is the intention to disrupt our country politically — unmask that part of it and show it,” Greenberg said.

He also advocates private and public-sector partnerships to address the growing problem.

“There are all kinds of things that the private sector and public sector could be doing together,” Greenberg said. “Sharing of information is one of them right now, and understanding where systemic risk aggregations are is another … It is more than about achieving rate in cyber today.”

Greenberg’s comments come as the onslaught of ransomware attacks is forcing some cyber insurers to reassess their business, with massive rate hikes, scaled-back coverage and more on the table. On the rate hike front, cyber pricing in the U.S. jumped 56% in the 2021 second quarter alone, and 68% in June, according to a recent Marsh report. Ransomware claims frequency and severity seem to be the cause.

Under that context, Greenberg noted that the pricing environment for cyber “is pretty good,” but it fails to address the fundamental issue about cyber “that the industry has to wrestle” and Chubb is starting to address. Part of the problem, he said, is cyber and pandemic cover are very similar.

“Like pandemic, cyber has a catastrophe profile, and the nature of cat potentially is that it has no time nor geographic boundary to it,” Greenberg said, evoking an argument he has made before. “You take the growing digital interconnection of the world today in everything — personal and business, and that potential for catastrophe — the concentrations for exposure are only growing.”

Greenberg observed that risk is apparent in all the cyber attacks, both malicious cyber attacks from nation-states and non-nation-state actors, to either disrupt society or just to make money. Managing that is complex, he noted.

“You have a frequency of loss on one hand, and rate and some adjustment to coverage can manage that. On the other side of the coin, you have a systemic nature of this,” Greenberg said. “I can tell you in the way Chubb underwrites, we are facing it and we are beginning to address it … in underwriting.”

Greenberg said there are also “real public policy questions” regarding cybersecurity, and that his firm is raising its voice in the public policy arena.