Context
The ABI and Lloyd’s have co-published a guide for (re)insurers on how to approach defining a major cyber event. As one of the most prominent systemic and emerging risks, there are few historic major cyber events for insurers to look at when trying to establish clear definitions and policy wording. The ‘Components of a Major Cyber Event: A (Re)Insurance Approach’ seeks to address this by setting out the factors (re)insurers should consider and provides a framework to follow when defining what constitutes a major cyber event.
Key points to note and next actions
Written by senior cyber (re)insurance leaders, the paper represents a joint effort to build shared approaches across the industry. The steps that need to be considered, and given varying degrees of emphasis, when defining a major event include:
- WHO is responsible for the event and whether their intentions were malicious or not?
- WHAT was the cause of loss?
- WHERE did it occur geographically, in the digital ecosystem and the insured population?
- WHEN did the event start and how long did it last for?
- HOW did the cyber event spread – was it manual or automatic?
- WHY did the event occur, was the motive for financial or political gain?
- IMPACT quantified as monetary loss.