My Basket0

Components of a major cyber event: A (re)insurance approach

Lecture

Publication date:

30 April 2025

Last updated:

21 May 2025

Author(s):

Dr Lucy Fraser, Senior Policy Advisor, Association of British Insurers, Geraldine Kearney, Senior Corporate Underwriter/Legal Consultant, Munich Re, Fraser Barr MA ACII CISMP, Cyber Broker, Global Cyber Practice, Aon, Souki Chahid, Managing Director, Head of Cyber Analytics, Guy Carpenter

In this Insurance Institute of London (IIL) reinsurance webinar, Dr Lucy Fraser, Senior Policy Advisor, Association of British Insurers, Geraldine Kearney, Senior Corporate Underwriter/Legal Consultant, Munich Re, Fraser Barr MA ACII CISMP, Cyber Broker, Global Cyber Practice, Aon, and Souki Chahid, Managing Director, Head of Cyber Analytics, Guy Carpenter, discussed the ABI and Lloyd’s of London paper, ‘Components of a Major Cyber Event: A (Re)Insurance Approach’. The emerging and incredibly complex nature of cyber threats are a crucial challenge to our industry. There is no one single definition of a major cyber event, and history does not yet provide enough evidence to build one. However, getting ahead of these threats and understanding the risk they pose is where our industry excels. By collaborating with Lloyd’s, the webinar speakers and colleagues have been able to develop a framework and a consistent set of components for firms to consider when trying to build their own definitions. This should provide more certainty for insurers, government and customers.

The webinar focused on the ABI and Lloyd’s of London co-published guide for (re)insurers on how to approach defining a major cyber event. As one of the most prominent systemic and emerging risks, there are not many historic major cyber events for insurers to look at when trying to establish clear definitions and policy wording. The 'Components of a major cyber event: a (re) insurance approach' seeks to address this by setting out the factors (re)insurers should consider and provides a framework to follow when defining what constitutes a major cyber event. Written by senior cyber (re)insurance leaders, which include the four webinar speakers, the paper represents a joint effort to build shared approaches across the industry. The steps that need to be considered, and given varying degrees of emphasis, when defining a major event include:

  • WHO is responsible for the event and whether their intentions were malicious or not?
  • WHAT was the cause of loss?
  • WHERE did it occur geographically, in the digital ecosystem and the insured population?
  • WHEN did the event start and how long did it last for?
  • HOW did the cyber event spread - was it manual or automatic?
  • WHY did the event occur? Was the motive for financial or political gain?
  • IMPACT quantified as monetary loss

 

Duration: 53 minutes