Friday, March 5, 2021
Ken Abraham & Daniel Schwarcz have posted to SSRN Courting Disaster: The Underappreciated Risk of a Cyber-Insurance Catastrophe. The abstract provides:
Cyberattacks have the potential to cause simultaneous, very large losses to numerous firms across the globe, thus resulting in a cyber “catastrophe.” Moreover, there are plausible reasons for believing that a future cyberattack could produce world-wide losses that are larger by an order of magnitude than any past attack. This Article argues that such a cyber-catastrophe could cripple the insurance industry, for two primary reasons. First, many traditional property/casualty policies might well provide “silent-cyber” coverage of a much larger portion of these costs than is now anticipated, because a cyber catastrophe could well result in “physical damage or loss” to tangible property resulting from cyberattacks. This is especially true for auto and homeowners coverage, which generally do not expressly exclude cyber-risk due to the historic absence of cyber claims in these domains. But even general commercial property and CGL policies might cover significant elements of this loss, depending on their terms. Second, a cyber catastrophe could cripple the growing number of insurers providing "cyber insurance" coverage, which expressly cover various losses associated with cyberattacks and the compromise of electronic data. These cyber-insurers face unique difficulties in using two of the most important insurance tools for limiting their exposure to catastrophe risk: coverage exclusions and underwriting. Although cyber-insurers have historically offset these difficulties by insisting on artificially low coverage limits, competition is increasingly rendering this strategy unworkable. In short, both traditional forms of insurance and new forms of cyber insurance are courting disaster. The Article therefore closes by identifying and analyzing several alternative approaches to protecting traditional insurance from catastrophic cyber loss and encouraging new forms of cyber insurance that provide increased coverage without exposing insurers to excessive financial risk.