Dealing with cyber accumulation risk | Munich Re

web

munichre.com·munichre.com/en/insights/cyber/dealing-with-cyber-accumul...

This Munich Re article analyzes cyber accumulation risk in insurance portfolios, relevant to AI safety as it examines systemic risks from interconnected digital infrastructure, including malware attacks and IT outages that could affect critical systems at scale.

Metadata

Importance: 28/100organizational reportanalysis

Summary

Munich Re examines how interconnected cyber risks—malware, data breaches, IT outages, and infrastructure attacks—can create catastrophic accumulation losses for insurers. The article highlights challenges in modeling these risks due to rapidly evolving threat vectors and the difficulty of identifying dependencies across global supply chains. Real-world examples like NotPetya, WannaCry, and a 2017 AWS outage illustrate the scale of potential losses.

Key Points

•Major cyber accumulation scenarios include malware attacks, data breaches, IT service outages, and attacks on critical infrastructure like power and telecom networks.
•NotPetya and WannaCry demonstrated global contagion potential, affecting organizations across 65 countries and causing billions in economic losses.
•A 2017 human error at a major cloud provider caused $310M+ in losses across S&P 500 and financial services firms in just four hours.
•Historical data has limited predictive value for cyber risk because threat vectors evolve rapidly and attackers continuously develop new attack patterns.
•Shared software/hardware vulnerabilities and interconnected supply chains create systemic risk that is extremely difficult to model and quantify.

Cited by 2 pages

Page	Type	Quality
AI Cyber Damage: Bounding the Tail	Analysis	--
Cyber Insurance Market Signals	Analysis	--

Cached Content Preview

HTTP 200Fetched May 4, 202610 KB

Dealing with cyber accumulation risk
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 6 minutes read
 
 
 
 Published 10/15/2018
 
 
 
 

 
 
 

 
 
 

 

 

 

 
 

 

 

 
 © Shutterstock.com 
 

 
 

 
 
 
 
 

 
 

 

 
 
 

 

 
 

 
 
 
 
 
 
 
 
 
 
 Experts 
 
 

 
 
 
 Related Topics 
 
 

 

 
 

 
 

 
 

 
 Share this article 
 Close 
 
 

 
 
 Share

 
 
 
 Close 
 
 

 
 
 
 
 
 
 LinkedIn 
 
 

 
 
 
 
 
 Facebook 
 
 

 
 
 
 
 
 Whatsapp 
 
 

 
 
 
 
 
 E-Mail 
 
 

 
 
 
 
 
 Copy Link 
 
 

 
 

 
 
 

 
 Sharing 
 
 

 
 

 

 

 
 

 

 
 
 

 

 
 

 
 
 

 
 Malware attacks, data breaches, IT service provider outages and computerised attacks on critical infrastructure are four of the major cyber perils of the 21st century. The interconnectedness of all industries makes each player vulnerable to these risks along their respective value chain. In the case of a single event generating a widespread impact on thousands of businesses at once, the accumulation of liabilities within a portfolio of policies could expose an insurance company to high financial losses. Hence, it is essential and indispensable for an insurance company to actively identify, quantify, model, manage and control cyber accumulation risk.
 
 
 

 
 

 

 
 

 
 
 Major cyber accumulation scenarios
 
 
 
 

 
 

 
 
 

 
 

 
 Starting in 2016, businesses worldwide were exposed to a series of cyber incidents that put a spotlight on this peril like never before. From NotPetya to WannaCry, ransomware and malware attacks and their aftermath created havoc for businesses, sometimes causing losses in the hundreds of millions – or even billions –in economic terms. One particular problem was that these attacks proved to be globally contagious, infecting organisations across 65 countries.


 It is evident that in cyber a significant accumulation potential on a global scale arises from shared software or hardware vulnerabilities, the disruption/outage of central IT services, and attacks on critical infrastructure, such as power supply or telecommunications networks – including the internet. Each of these events may cause various types of financial losses to thousands of companies, and hence a major accumulation loss.


 Although the major cyber accumulation risk scenarios are essentially man-made, not all are malicious. In addition to malware attacks and attempted data breaches, technical failures and human error can also have devastating consequences.


 In February 2017, a simple human error by an employee caused a widespread outage event of over four hours for one of the world’s largest cloud infrastructures. Economic losses at S&P 500 companies reached US$ 150m, while financial services firms lost US$ 160m. This elucidates how a single event can cause high losses, not only for many businesses, but for insurers and reinsurers as well. 



 
 
 

 
 

 

 
 

 
 
 Challenges in accumulation control
 
 
 
 

 
 

 
 
 

 
 

 
 The increasing interconnectedness of risk in cyber supp

... (truncated, 10 KB total)

Resource ID: e43fea648dfc578d | Stable ID: sid_FPKbjHJZOw