WannaCry Attack Could Be Opportunity for Cautious Insurance Industry: A.M. Best

May 23, 2017 by

According to a rating agency A.M. Best, the the recent WannaCry ransomware attack could be a benefit to the insurance industry if it leads to better-crafted policies with clear language that provide the desired protection for policyholders.

A.M. Best said in a briefing that insurance companies tend to view cyber as a great business opportunity but have been cautious about taking on cyber exposures beyond a certain risk tolerance.

The ratings firm also said it believes insured losses from the WannaCry attack will be low.

At the same time it may be an opportunity for insurers, the WannaCry ransomware attack highlights the need for technology companies and end users to be proactive is mitigating potential losses, A.M. Best said in the briefing.

The briefing, titled, “WannaCry Ransomware Attack—More to Come,” notes how WannaCry is an excellent example of how vulnerable the world is to cyber attacks. The ransom malware was unique in terms of its scope, speed and reach, and among its effects have been the postponement of medical services, disruptions to major telecommunications networks and stoppages in manufacturing.

Although the ransom demand (from $300 to $600) per consumer is low, the aggregation of loss will be far larger, according to A.M. Best. Furthermore, the aggregation does not take into account any potential litigation; potential class actions could elevate these losses even further and loss of data as well as of revenue could result in yet more residual losses.

However, A.M. Best said it expects that insured losses will be minimal given the industry’s cautious position in cyber.

A.M. Best said it takes into consideration management’s overall approach to risk management when evaluating an insurer’s exposure to cyber and warned that risk aggregation is another area that should be of concern to all insurers, particularly if attacks like WannaCry become the norm rather than the exception.

Fitch Ratings analysts believe WannaCry and other will spur demand for cyber protection and insurance protection but has warned insurers to continue to take a cautious approach to adding cyber exposures as there is still considerable uncertainty in pricing and underwriting this risk. Aggressive expansion by individual underwriters into the segment could be credit negative, Fitch warned.

Many companies hit by ransomware attacks may be uninsured and some of them without cyber insurance are calling on their kidnap and ransom policies to recoup losses, according to reports by Reuters.

Related: