Cyberterrorism threat must be addressed: Pool Re’s chief

However, the differences are important:

— Unlike terrorism, where weapons of mass destruction are heavily guarded by nation-states, cyber weapons developed by nation-states find their way onto the dark web very quickly. This is of enormous concern.
 — It seems less complex for nation-states to prevent conventional crime and terrorism than to prevent malicious cyberattacks. Accessibility enabled by the internet is a key weakness, and crimes can be perpetrated from beyond the reach of normal prevention agencies.
 — IT security techniques and awareness need improvement. Hackers seem able to break into even the theoretically most secure of websites.
 — The internet of things means that everything is connected – so how can this risk be understood or contained? If it cannot, how can it be insured? It could pose a systemic risk.

Within the broad spectrum of cyber perils lurks the potential future threat posed by cyber terrorism, perpetrated by organizations such as the Cyber Caliphate Army, the self-declared “cyber army” of ISIS. The Pool Re scheme excludes cyber, but this limitation is being reviewed. The Judge Business School at Cambridge University has been engaged to undertake a study of cyberterrorism, and once complete, Pool Re will evaluate the elements of the threat which the scheme might offer to insure. The ultimate aim is to provide economic resilience to the catastrophic, systemic exposures which are normally the responsibility of government, and thereby enabling the market to operate effectively within the cyber sphere.

Enoizi concluded his speech by stating that cyber remains an ‘unknown known’. The risk is evident, but accurate modelling is problematic. The risk appears unacceptable to the commercial market, and the state has a responsibility to take on systemic risk that the market cannot assume. Reinsurance pools, such as Pool Re, have a long history of providing an effective “buffer” to the ultimate liability faced by the taxpayer. Such schemes also have an enabling effect on the market, by removing the systemic risk and allowing the market to innovate new risk management products. A market-oriented, as opposed to a levy-based means of creating disaster pools, has been very successful in the case of Pool Re’s ability to manage the exposure to the taxpayer. The scheme has paid out more than £600 million without any direct cost to the government, or by increasing regulation and taxation to the market.

Pool Re notes that the development of wider disaster pools, structurally akin to Pool Re, provides a model to mitigate against systemic risk in many of the great challenges of our age, such as climate change and pandemics, and may provide a solution for the cyber threat. Finally, effective collaboration between the private and public sectors in forming disaster pools should be aimed at finding solutions that ensure the optimum balance between the state and the market’s responsibilities, with the ultimate aim of enabling the market to operate and enhancing the resilience of the British economy against the future effects of terrorism.