As we become ever more dependent on technology further risks and vulnerabilities become evident. New risks replace old. Armed bank robberies have become too difficult and what’s the point if you can use a computer to get away with millions?
Businesses and their insurers have spent decades bringing physical security to the point where burglary and theft was at a record low, only to see criminals change tactics and seek to access their property electronically to cause loss or damage. Moreover, physically securing business premises, using locks and alarms, is much easier than stopping a sophisticated and determined hacker accessing the IT environment. The ability to gain unauthorised access to IT is unfortunately not restricted to those who merely wish to steal money, goods or information. Rogue nation states and some terrorist organisations have developed capabilities well beyond those of most hackers. This presents unique exposures for those who might be the target of their attacks.
In early 2015 it became evident to us that there was an emerging threat of terrorists causing physical damage without the need for an explosive device and that the Scheme would not cover such losses.
Given that Pool Re was created to address systemic losses, which the market refused to cover, it became vital for us to find a way to better understand this risk in order for us to extend the scope of our cover. We commissioned a study from the Centre for Risk Studies at Cambridge Judge Business School to enhance our understanding of the nature of the threat and how it could affect commercial property policyholders in Great Britain. This study underpins the extension of our coverage and is also the basis of a modelling toolkit, which we will continue to develop to form the basis of our future thinking.
This wider cover, which now includes cyber-terrorism, will be available from April 2018. The scope of our cover is designed to protect commercial property and will be offered as standard to all policyholders buying terrorism insurance from a Pool Re Member. The cover is effectively Material Damage and direct Business Interruption (BI), so BI flows only from events happening at the policyholder’s premises. We will not be providing cover for intangible assets, specifically Money and Data, which are more appropriately covered by the cyber market.
Throughout 2018, Pool Re will be working with academia, reinsurers, members and government to promote a better understanding of the contemporary cyber threat. We will continue to promote cyber and risk mitigation initiatives and act as a conduit for the promotion of techniques that publicise good cyber behaviours.